IDS mailing list archives
Re: IDS thoughts
From: "Stefano Zanero" <stefano.zanero () ieee org>
Date: Sun, 18 May 2003 22:19:57 +0200
> There's really not a whole lot else to be done in the IDS market except product improvements (code refinement, etc.), signature maintenance, and keeping up with data rates. Oh, and press releases.
You are joking, right? There's a whole lot of research still open in the IDS field. Just to begin, you are apparently forgetting that there's a whole paradigm of ID, anomaly-based detection, which has just been forgotten by mainstream development.

In the next few years, while established IDS products will strive to keep their growing signature base up to date, and face increasing performance problems, some attention will probably return to that preliminary choice of matching bad_things instead of good_ones.

When it comes to firewalling, we all agree: you just shut down everything very tight, then open up what few ports you actually need. When it comes to privileges and authentication, we do the same thing, and we are quick to point out the error when someone tries to filter out unwanted input instead of specifying what the expected input is.

Oddly, when we talk about IDS and antivirus software, we blindly accept that there's only one way to do it: by describing what we do NOT want on our system by means of signatures. Well, this happens to be a BAD idea, even if until now it has given us some satisfaction.

Stefano Zanero
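An added illustration of the contrast drawn in the message above, not part of the original post: a signature matcher that lists bad_things beside a positive model learned from good_ones, run over constructed request URLs. The signature strings, function names and sample traffic are all assumptions made for the example.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Misuse model: patterns describing what we do NOT want (constructed signatures).
SIGNATURES = [re.compile(p, re.I) for p in (r"/etc/passwd", r"cmd\.exe", r"<script")]

def signature_alert(url):
    return any(s.search(url) for s in SIGNATURES)

def shape(value):
    """Reduce a value to its character classes, e.g. '42' -> {'digit'}."""
    classes = set()
    for ch in value:
        classes.add("digit" if ch.isdigit() else "alpha" if ch.isalpha() else "other")
    return classes

def learn(benign_urls):
    """Positive model: per path and parameter, the classes and max length seen."""
    model = {}
    for url in benign_urls:
        parts = urlsplit(url)
        params = model.setdefault(parts.path, {})
        for name, value in parse_qsl(parts.query, keep_blank_values=True):
            prof = params.setdefault(name, {"classes": set(), "maxlen": 0})
            prof["classes"] |= shape(value)
            prof["maxlen"] = max(prof["maxlen"], len(value))
    return model

def anomaly_alert(model, url):
    """Return the reason the request falls outside the learned model, or None."""
    parts = urlsplit(url)
    if parts.path not in model:
        return "unseen path"
    for name, value in parse_qsl(parts.query, keep_blank_values=True):
        prof = model[parts.path].get(name)
        if prof is None:
            return f"unseen parameter {name}"
        if len(value) > 2 * prof["maxlen"] or not shape(value) <= prof["classes"]:
            return f"unexpected value for {name}"
    return None

# Constructed sample traffic: training set of expected requests, then a mixed test set.
BENIGN = ["/item?id=7", "/item?id=1024", "/search?q=firewall", "/search?q=ids"]
MODEL = learn(BENIGN)
TESTS = ["/item?id=88", "/item?id=../../etc/passwd", "/item?id=" + "A" * 400,
         "/backup/site.tar", "/search?q=anomaly-detection"]

if __name__ == "__main__":
    for url in TESTS:
        print(f"{url[:40]:42} sig={signature_alert(url)!s:5} anomaly={anomaly_alert(MODEL, url)}")
```

Only the second test URL matches a signature, while the positive model flags everything outside its training profile, including the last URL, which is an ordinary search the model simply never saw.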