Firewall Wizards mailing list archives

Re: The value of detecting neutralized threats. (was RE: IDS bla


From: Vik Bajaj <vbajaj () sas upenn edu>
Date: Fri, 29 Jan 1999 23:17:00 -0500 (EST)


It does not follow from the simple fact that a threat is known, perceived, or
detected that a response should be mounted.  If we accept that assertion,
then no IDS can ever be successful.  In fact, a persuasive argument can be
made

What assertion? That IDS involves more than just a RealSecure or NFR box?
That there is all sorts of work that goes into figuring out whether or not
a response should be mounted?

No, I didn't mean to imply that it was your assertion by quoting your post.  In
fact, I think we are in agreement that an obviously great amount of thought goes
into, first, designing an IDS, and second, deciding on what to do with the
information the system collects.  My point was that these two tasks are
obviously separable, and that there is an extreme case in which you can collect
an arbitrary amount of information and do nothing with it.  My philosophy is to
assemble a system that, in general, collects data from both sides of the
segment and discards

--Vik



