Firewall Wizards mailing list archives
Re: INtrusion Detection
From: Aleph One <aleph1 () dfw dfw net>
Date: Tue, 17 Feb 1998 11:34:14 -0600 (CST)
On Tue, 17 Feb 1998, Gary Crumrine wrote:
I started a similar thread a few days ago on the IDS list, and it seems to have spilled over to here. One thing that I have noticed, is that we tend to deal in absolutes... A product has to meet x,y,z absolutely or it is considered BAD. I totally disagree with that thought stream. Take a look at the needs of a bank, VS. the little shop down the block that wants to protect their ten employee internet connection. Who's needs are more? I think that the first answer is both are equal. But the poor guy doesn't have the $ to spend like the bank. He needs something...so he is willing to accept more of a risk, and use something less robust IE Costing less. It makes damn good sense to me to recommend a product that may be less robust, but affordable in lieu of him going totally without..... I think we are becoming too closed minded these days. We need to root out solutions, not attacking each other's ideas My 2 cents worth
I would disagree. It is not that we are becoming more closed minded, the problem is that there is no way to measure the effectiviness of a security solution. There is no measuring stick. NCSA certification is a joke. If we where to belive every firewall or IDS vendor their software is as good or better than the nexts guy and can protect both the little guy and the large banks equaly. It was not until the SNI paper that some light was shed into the basic design flaws and vulnerabilities of network IDS's. Before it every IDS vendor would claim their software was not vulnerable. How can one recommend a product over another without having such information?
Vern
Aleph One / aleph1 () dfw net http://underground.org/ KeyID 1024/948FD6B5 Fingerprint EE C9 E8 AA CB AF 09 61 8C 39 EA 47 A8 6A B8 01
Current thread:
- INtrusion Detection Gary Crumrine (Feb 17)
- Re: INtrusion Detection Frederick M Avolio (Feb 18)
- Re: INtrusion Detection Aleph One (Feb 18)
- Practical Firewall Metrics...Was: INtrusion Detection Christopher Nicholls (Feb 20)
- Re: Practical Firewall Metrics Marcus J. Ranum (Feb 20)
- Re: Practical Firewall Metrics Michael Brennen (Feb 20)
- Re: Practical Firewall Metrics Marcus J. Ranum (Feb 20)
- Re: Practical Firewall Metrics Christopher Nicholls (Feb 24)
- Practical Firewall Metrics...Was: INtrusion Detection Christopher Nicholls (Feb 20)
- Re: Practical Firewall Metrics Bennett Todd (Feb 20)
- Re: Practical Firewall Metrics Leonard Miyata (Feb 20)
- Re: Practical Firewall Metrics...Was: INtrusion Detection Bennett Todd (Feb 20)
- <Possible follow-ups>
- Re: INtrusion Detection tqbf (Feb 18)
- Re: INtrusion Detection Adam Shostack (Feb 18)