IDS mailing list archives
Re: IDS testing methodologies
From: "Stephen P. Berry" <spb () meshuggeneh net>
Date: Fri, 02 Jan 2004 14:11:55 -0800
Alvin Oga writes:
in my book ... ( small world ) .. an IDS is not very useful, because, the cracker is already in your network ... game over ...
I couldn't agree less. If the history of information security has taught us anything, it is that any system can be compromised, and that any code---OS, application, script, or whathaveyou---will eventually be found to contain exploitable bugs.

What does this tell us? It tells us that relying entirely on prevention is not a long-term survivable strategy. Any sane information security policy must (with the exception of a few goofy border cases) rely on:

-Prevention (keeping the bad guys out)
-Auditing (situational awareness)
-Containment (controlling the failure mode and limiting exposure)
-Remediation (damage control after the fact)

To rely on anything else is to rely on voodoo and wishful thinking.

I won't bore the list with a more long-winded discussion of this point, but it strikes me that working as a wee sysadminling back in the days where your MTA -was- sendmail(8) and your DNS -was- bind was probably very good at teaching some of us the importance of not relying entirely on prevention as a security strategy.

It's now, what, fifteen years after the Morris worm? Whenever I hear a security professional talk about a compromise being `game over', I wonder what they -do-.

-spb
Current thread:
- IDS testing methodologies Henrik Falkenthros, direktoer (Jan 02)
- Re: IDS testing methodologies Nigel Houghton (Jan 02)
- Re: IDS testing methodologies Ron Gula (Jan 02)
- Re: IDS testing methodologies Alvin Oga (Jan 02)
- Re: IDS testing methodologies James Riden (Jan 05)
- Re: IDS testing methodologies Mike Lyman (Jan 05)
- Re: IDS testing methodologies Alvin Oga (Jan 06)
- Re: IDS testing methodologies Stephen P. Berry (Jan 06)
- Re: IDS testing methodologies Sam f. Stover (Jan 02)
- RE: IDS testing methodologies Henrik Falkenthros, direktoer (Jan 05)
- Re: IDS testing methodologies hoop (Jan 05)
- Re: IDS testing methodologies Raffael Marty (Jan 08)
- <Possible follow-ups>
- RE: IDS testing methodologies Bob Walder (Jan 02)
- RE: IDS testing methodologies Raj_Dhingra (Jan 05)