IDS mailing list archives

Re: IDS thoughts


From: "Raistlin" <raistlin () gioco net>
Date: Tue, 3 Jun 2003 09:15:26 +0200

I disagree.  Anytime you have an interface between zones of different risk,
liability, threat, or whatever, there should be:
-A policy which enunciates and addresses this difference
-A mechanism for enforcing this policy
-A mechanism for auditing the enforcement of this policy

Yes. But, as long as you can clearly DEFINE this policy, the enforcement
mechanism and the detection mechanism can be the same. If you check twice
against the same rule, you are not doing "anomaly detection" - at least, not
in my concept :-)

You are doing anomaly detection if you hunt down anomalous data in a dataset
which is not, a priori, defined by a set of formally specifiable rules.

Stefano "Raistlin" Zanero
System Administrator Gioco.Net
public PGP key block at http://gioco.net/pgpkeys


