funsec mailing list archives
Re: so, is I[dp]S a STUPID technology?
From: Aviram Jenik <aviram () beyondsecurity com>
Date: Wed, 12 Oct 2005 00:48:27 +0200
On Wednesday, 12 October 2005 00:13, Paul Schmehl wrote:
> What if I *do* have a vulnerability and the IPS blocked the attack?
Then you're a very lucky guy and should go play the lottery. In this rare scenario the IPS is more up to date than your vulnerability scanner - this means you bought a crappy scanner. It also means there's a very good chance you're vulnerable to things your IPS *isn't* blocking, which means you have to re-think the way you're protecting your network.
> If you can recommend an *enterprise* capable vulnerability scanner (IOW one that I can schedule massive scanning events for a class A *and* class B network and then go look at the results when I have time) that doesn't cost more than my annual budget, then please do.
I can, but I won't.
<trimmed a long rant about ISS and nessus> I can't argue with your experience (I quite agree with it, actually). But just because you tried 2 bad tools and failed doesn't mean the idea is flawed - just that you need to search a little harder. There's also a very good reason why you haven't heard of alternatives to ISS and nessus, but I really won't get into that. Enough holy wars for one day.
> We all learn from each other because each of us has different skill sets and different exposures that color our outlooks.
True. This is what this discussion is about :-) I don't claim to be objective, but I have seen enough success stories to convince me closing vulnerabilities (and not hiding behind a probability blocking system) is a very real scenario.
> In edu, I cannot guarantee you, even if I could five minutes ago, that I don't have vulnerabilities on my network.
That's too bad. And this is what you should change. After you fix your vulnerabilities and after you *know* you're patched against the known problems, go ahead and buy an IPS (or any other candy you wish). Also, you'll finally have the time to play with its nice GUI :-)
> I could tell you stories, but you don't have the time, and neither do I. Suffice it to say that I'm vulnerable 100% of the time *somewhere* in my network, and I don't know it, because they *just* plugged the damn thing in.
At the risk of sounding re-re-re-redundant, this is what the VA tool's job is - to tell you what new vulnerable stations are suddenly there.

Sorry for getting all serious in funsec; it's all because of the approaching Yom Kippur (the Hebrew 'judgement day')...

- Aviram

_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.