Firewall Wizards mailing list archives
Re: Important Comments re: INtrusion Detection
From: "Paul M. Cardon" <pmarc () cmg fcnbd com>
Date: Wed, 18 Feb 98 11:07:52 -0600
Adam Shostack thus spake unto me:
> I think there is a place in stopping unskilled internal
> attackers. Some situations I've helped clean up involved an employee
> searching the various engines for 'hacker tools,' downloading a bunch,
> and using them. Given the damage that was caused there, I think there
> is value to detecting these things internally. As the tools are
> written to make the attacks you described easy*, then the IDS vendors
> must cope or die. A harder task than the firewall vendors have
> really, but then IDS was going to lose an awful lot when IPsec gets
> deployed...
This is exactly why I will deploy a passive IDS even though it doesn't deliver real security. For a small cost I can deploy a system that will nail the ankle-biters internally. That is the limit of what I will expect it to do, however.
---
Paul M. Cardon
On the whole, we are hostile to puns. - Wolcott Gibbs
Sisyphus and loving it.
MD5 (/dev/null) = d41d8cd98f00b204e9800998ecf8427e