IDS mailing list archives
Re: Firewalls (was Re: IDS evaluations procedures) - AI
From: Richard Bejtlich <taosecurity () gmail com>
Date: Wed, 27 Jul 2005 15:41:20 -0400
On 7/26/05, Swift, David <dswift () ipolicynetworks com> wrote:
Any single packet or detected IDS event means little by itself, but the combination and sequence of events from the same source should allow me to increase the threat level of a given source, and correspondingly adjust my responses up to the point where I dynamically harden my firewall from his source address regardless of what data he's transmitting, AND hopefully beginning the automation of forensic analysis...
Hello, A source-centric security posture is only effective against unsophisticated attackers. I see only the most immature of intruders conducting their reconnaissance, exploitation, and so on from the same source IP or even the same net block. The only constant in any intrusion is the victim. Target-centric security is the only way to have a chance against mildly sophisticated attackers and beyond. Sincerely, Richard http://www.taosecurity.com ------------------------------------------------------------------------ Test Your IDS Is your IDS deployed correctly? Find out quickly and easily by testing it with real-world attacks from CORE IMPACT. Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708 to learn more. ------------------------------------------------------------------------
Current thread:
- RE: Firewalls (was Re: IDS evaluations procedures) - AI Swift, David (Jul 27)
- Re: Firewalls (was Re: IDS evaluations procedures) - AI Richard Bejtlich (Jul 27)
- Snort 2.4 Released Jennifer Steffens (Jul 29)
- Message not available
- RE: Firewalls (was Re: IDS evaluations procedures) - AI Sanjay Rawat (Jul 29)
- Re: Firewalls (was Re: IDS evaluations procedures) - AI Richard Bejtlich (Jul 27)