Firewall Wizards mailing list archives

Re: Important Comments re: Intrusion Detection

From: "Paul M. Cardon" <pmarc () cmg fcnbd com>
Date: Wed, 18 Feb 98 11:07:52 -0600

Adam Shostack thus spake unto me:
> I think there is a place in stopping unskilled internal
> attackers.  Some situations I've helped clean up involved an employee
> searching the various engines for 'hacker tools,' downloading a bunch,
> and using them.  Given the damage that was caused there, I think there
> is value to detecting these things internally.  As the tools are
> written to make the attacks you described easy*, then the IDS vendors
> must cope or die.  A harder task than the firewall vendors have
> really, but then IDS was going to lose an awful lot when IPsec gets
> deployed...

This is exactly why I will deploy a passive IDS even though it doesn't deliver real security. For a small cost I can deploy a system that will nail the ankle-biters internally. That is the limit of what I will expect it to do, however.

Paul M. Cardon

On the whole, we are hostile to puns.    - Wolcott Gibbs

Sisyphus and loving it.

MD5 (/dev/null) = d41d8cd98f00b204e9800998ecf8427e
