IDS mailing list archives
Re: Is IDS/IPS worthless?
From: "Andy Cuff" <lists () securitywizardry com>
Date: Sat, 21 Feb 2004 21:04:30 -0000
Hi Andrew, Lovely topic for the weekend !! What I have written below are just my feelings on the subject, to help you keep them in perspective I should point out that I'm very passionate about the use of IDS and IPS and feel similarly annoyed at these recent opinions. From what you have said you countered his suggestions very well. I would only add what would the cost to the company be if it were hacked. IMHO IDS and IPS are not dead, quite the reverse, but in order to make them useful they require a degree of continued investment and support. In some part the vendors are to blame for selling their product to organisations where they know full well that they won't be supported, in order to make a fast buck, (puts asbestos suit on). This is not always the case as I've had some refreshingly pleasant experiences from certain vendors who genuinely want to ensure that their products are optimised to the environment and phone periodically offering free visits from their support staff !!!. The organisations themselves are equally if not more blameworthy for purchasing the products without fully investigating the issues surrounding them. With regard to the business case surely the business in question is dutybound to assure the integrity of data relating to their customers, in certain circumstances they are legally bound. Now, the law does not dictate what products should be in place to provide this assurance and PERHAPS there is a case for network defense not requiring IDS/IPS to protect their network because the other methods are so effective. In which case perhaps they will use their corporate webpage saying "You Are Owned By......" to detect intrusions, or the Wall Street Journal, it's not quite "near real time" but highly effective in making those who you don't want to know, know about your lack of investment in network security. Stats always work well, has anyone investigated and recorded the drop in share prices following an attack. IDS per se won't prevent these attacks but at least they may alert the business to them having occurred and provide sufficient time to put a spin on the event. Anyone remember the recent defacement that turned out to be a honeypot ;o) I consider them essential in today's networks but I like the concept of defense in depth to run very deep, however, if an IDS or IPS isn't maintained correctly they can create more problems than they solve, as they may lull the staff into a false sense of security. just my 2 cents -andy Talisker Security Tools Directory http://www.securitywizardry.com ----- Original Message ----- From: "Andrew Plato" <aplato () anitian com> To: <focus-ids () securityfocus com> Sent: Friday, February 20, 2004 4:31 PM Subject: Is IDS/IPS worthless? --------------------------------------------------------------------------- Free trial: Astaro Security Linux -- firewall with Spam/Virus Protection Protect your network with the comprehensive security solution that integrates six applications for ease of use and lower TCO. Firewall - Virus protection - Spam protection - URL blocking - VPN - Wireless security. Download 30-day evaluation at: http://www.securityfocus.com/sponsor/Astaro_focus-ids_040219 ---------------------------------------------------------------------------
Current thread:
- Re: Is IDS/IPS worthless?, (continued)
- Re: Is IDS/IPS worthless? Mike Lyman (Feb 23)
- RE: Is IDS/IPS worthless? Fergus Brooks (Feb 23)
- Re: Is IDS/IPS worthless? Stefano Zanero (Feb 26)
- Re: Is IDS/IPS worthless? Josh Tolley (Feb 23)
- Re: Is IDS/IPS worthless? Konrad Rieck (Feb 23)
- RE: Is IDS/IPS worthless? Brian Taylor (Feb 23)
- RE: Is IDS/IPS worthless? Fergus Brooks (Feb 23)
- RE: Is IDS/IPS worthless? Duston Sickler (Feb 24)
- RE: Is IDS/IPS worthless? Fergus Brooks (Feb 23)
- RE: Is IDS/IPS worthless? Omar Herrera (Feb 23)
- Re: Is IDS/IPS worthless? Michael Stone (Feb 23)
- Re: Is IDS/IPS worthless? Andy Cuff (Feb 23)
- Re: Is IDS/IPS worthless? Mike Hoskins (Feb 23)
- Re: Is IDS/IPS worthless? Olaf Gellert (Feb 23)
- Re: Is IDS/IPS worthless? SecurIT Informatique Inc. (Feb 23)
- Re: Is IDS/IPS worthless? Olaf Gellert (Feb 23)
- Re: Is IDS/IPS worthless? SecurIT Informatique Inc. (Feb 23)
- Re: Is IDS/IPS worthless? Xiaoyong Wu (Feb 24)
- Re: Is IDS/IPS worthless? Michael Stone (Feb 25)
- Re: Is IDS/IPS worthless? SecurIT Informatique Inc. (Feb 23)
- Re: Is IDS/IPS worthless? Mike Lyman (Feb 23)
- Re: Is IDS/IPS worthless? Mike Hoskins (Feb 23)