Firewall Wizards mailing list archives
RE: Intrusion Detection Systems, Best of breed?
From: "franks" <franks () nfr com>
Date: Wed, 26 Dec 2001 12:30:52 -0800
You know that the semantics of the discussion is missing an important factor, a REAL life problem that mid-sized to large organizations have to deal with: SIZE/SCALE. It's great to picture the common IDS/NIDS/Honeypot for a few choke points. But what happens when you have to deal with +1000 servers, and many VPN/DMZ/Internet connections? How do you analyze the data and make sense of tens of thousands of alerts, let alone false positives?

Reality is that most companies will place IDS/HIDS/Honeypots on high profile segments and hope to net some bad guys; this produces great pie charts that a manager can appreciate.

What is becoming the most important in the Best of breed line up is scale? Who can scale, and how easy is it to scale? Next, who can upgrade when upgrades of all sensors are required? Also, let's throw quickly and efficiently into the deployment too?

-----Original Message-----
From: firewall-wizards-admin () nfr com [mailto:firewall-wizards-admin () nfr com] On Behalf Of Marcus J. Ranum
Sent: Wednesday, December 26, 2001 7:58 AM
To: Ofir Arkin; 'Lance Spitzner'; 'Talisker'
Cc: 'R. DuFresne'; 'ROB SLAUGHTER'; firewall-wizards () nfr com
Subject: RE: [fw-wiz] Intrusion Detection Systems, Best of breed?

Ofir Arkin wrote:
If they go to the real site and then in another session they try to attack it and get redirected to another host using another stack it will be obvious someone is fooling them.

Of course it will!! But by then it will also be obvious to them that you're on to them! For me to fool with you, I have to have detected you... By the time they figure it out, they already know they've lost Round #1. Sure they can come back for Round #2 but I'm not unhappy to have won the first round. :)

mjr.
---
Marcus J. Ranum
Chief Technology Officer, NFR Security, Inc.
Work: http://www.nfr.com
Personal: http://www.ranum.com
_______________________________________________
firewall-wizards mailing list
firewall-wizards () nfr com
http://list.nfr.com/mailman/listinfo/firewall-wizards