Firewall Wizards mailing list archives
Re: Intrusion Detection
From: Adam Shostack <adam () homeport org>
Date: Wed, 15 Apr 1998 09:21:15 -0400 (EDT)
Paul D. Robertson wrote:
| On Tue, 14 Apr 1998, Marcus J. Ranum wrote:
|
| > There are really only 2 good reasons I can think of for ID systems:
| > 1) To develop a threat level model as to how often you are attacked
| > 2) To detect clueless people inside your organization who are attacking
| > outside sites
|
| 3) To detect clueless people inside your organization, or with access to
| your facilities who are attacking your own systems.
|
| 4) To trend traffic to detect possible tunnels through allowed protocols
| like HTTP or SSL.

5) To detect the fact that you've been hooked up to YA extranet
without any protection.

Also, allow me to clarify my point from yesterday (the one Marcus
disagreed with 180 degrees). In talking about attack detection, I
meant useful in the sense "the value you can extract from what you
buy," not useful in the sense that you get more time to not be at
work.

The value you get from a Bro or one of its commercial relatives is
that you know you're under attack. (Insert Aleph's comments here.) It
detects attacks, not intrusions. Intrusions are a much broader
category and decent ID software was reasonably well described by
Marcus last night.

Adam

--
Just be thankful that Microsoft does not manufacture pharmaceuticals.