IDS mailing list archives
Re: Recent anti-NIDS Gartner article
From: Stephen Samuel <samuel () bcgreen com>
Date: Tue, 17 Jun 2003 12:11:02 -0700
Mike Blomgren wrote:
If IDS is the looser, and a firewall is the solution - then why do we have surveillance cameras when we would be better off with good locks onour doors?
To folow the analogy: cameras record things that locks can't stop. A camera/NIDS with humans paying good attention to it can recognize things like somebody breaking a window, loitering suspiciously, etc. No matter how good your door locks may be, it still won't stop someone from bringing in a vehicle(tank) as a battering ram. or doing something as breaking a window to get access (had that happen to me twice!). Not to mention the use of a lockpick. With a good recording system (with or without human intervention) they can sometimes provide infomation on the identity, methods and intentions of an intruder. This can be useful either for filing later charges or simply determining what needs to be fixed to prevent a recurrence. Firewalls can prevent some of the more obvious attacks, but a well-tuned NIDS could also recognize things like suspicious outgoing connections and malicious web/ftp sites. Those are kinds of attacks that the firewall paradigm isn't really designed to handle well. -- Stephen Samuel +1(604)876-0426 samuel () bcgreen com http://www.bcgreen.com/~samuel/ Powerful committed communication. Transformation touching the jewel within each person and bring it to life. -------------------------------------------------------------------------------Attend the Black Hat Briefings & Training, July 28 - 31 in Las Vegas, the world's premier technical IT security event! 10 tracks, 15 training sessions, 1,800 delegates from 30 nations including all of the top experts, from CSO's to "underground" security specialists. See for yourself what the buzz is about! Early-bird registration ends July 3. This event will sell out. www.blackhat.com
-------------------------------------------------------------------------------
Current thread:
- Recent anti-NIDS Gartner article Ron Gula (Jun 17)
- RE: Recent anti-NIDS Gartner article Mike Blomgren (Jun 17)
- Re: Recent anti-NIDS Gartner article Stephen Samuel (Jun 18)
- Re: Recent anti-NIDS Gartner article nyec (Jun 17)
- Re: Recent anti-NIDS Gartner article Stephen P. Berry (Jun 18)
- <Possible follow-ups>
- RE: Recent anti-NIDS Gartner article Reverman, Peter C (Jun 17)
- RE: Recent anti-NIDS Gartner article - BruteForce Security Robert J. Mehler (Jun 17)
- Recent anti-NIDS Gartner article Srinivasa Rao Addepalli (Jun 18)
- RE: Recent anti-NIDS Gartner article Jim Butterworth (Jun 18)
- Re: Recent anti-NIDS Gartner article Michael Sierchio (Jun 18)
- RE: Recent anti-NIDS Gartner article - BruteForce Security Robert J. Mehler (Jun 17)
- Re: Recent anti-NIDS Gartner article Srinivasa Rao Addepalli (Jun 18)
- Re: Recent anti-NIDS Gartner article Stephen Samuel (Jun 19)
- Re: Recent anti-NIDS Gartner article Srinivasa Rao Addepalli (Jun 22)
- Re: Recent anti-NIDS Gartner article Stephen Samuel (Jun 19)
(Thread continues...)
- RE: Recent anti-NIDS Gartner article Mike Blomgren (Jun 17)