IDS mailing list archives
Re: Usefulness of Network Intrusion Detection Systems
From: James Riden <j.riden () massey ac nz>
Date: Wed, 26 May 2004 12:36:35 +1200
Thomas <TheTom () UnixIsNot4Dummies ORG> writes:
> Network-based IDSs should be limited to attacks on the network layer not the application layer.
<snip>
> Maybe people are just doing it for fun or to suffice the marketing hype... I do not know.
Yeah, we just do it for fun :p
> Additionally companies do not care much about switches, routers or web-servers. Sure they got bad PR if it is compromised or turned off but there is no direct loss of money connected with it.
Apart from n hours of my time investigating and fixing the problem, usually at overtime rates? Potential compromise of confidential data? The cost of having staff sitting around while critical servers are down?

The IDS I run is an integral part of the detection and response to network threats. Of course I do as much as I can about prevention, but on a large network where everyone wants to be relatively free, you will have compromises and attempted attacks; especially from worms such as Blaster, Welchia, Sasser and Slammer.

The IDS helped us avoid any network downtime due to Sasser and if the network is down, the cost of having staff sitting idle mounts up very quickly indeed.

It does take a lot of work to manage, but IMHO it's a lot better than having no idea what's going on in your network.

--
James Riden / j.riden () massey ac nz / Systems Security Engineer
GPG public key available at: http://www.massey.ac.nz/~jriden/

This post does not necessarily represent the views of my employer.