Firewall Wizards mailing list archives

Re: Intrusion Detection Systems, Best of breed?


From: "Stephen P. Berry" <spb () meshuggeneh net>
Date: Wed, 26 Dec 2001 13:03:24 -0800



Predrag Zivic writes:

> Just to add to the mix. A data intrusion detection
> system is also one that one should think about.
> How does one control intrusion on confidential documents?

It is interesting that it appears that `computer security' in the common
parlance means network security.  Comparatively few `security gurus'
seem to know much about what I'd categorise broadly as information
security.  I recall once making a `security systems programmer' quite
flustered by insisting that his session authorisation scheme didn't provide
(as he was claiming) data origin authentication or non-repudiability of
the transactions taking place over the session.  This is all Crypto 101
stuff, but beyond many folks with `security expert' crayola'd onto their
business cards.

My take:  There aren't any products (er, sorry...`solutions') out there
that will take care of the sort of data security issues you mention.  At
least not generically, and in any sort of automated or integrated way[0].
There really doesn't seem to be a huge market for this sort of thing (due
at least in part to the fact that many organisations with a need for
this sort of thing don't realise it or think they can get by without
it).  And the field as a whole seems to have fixated on a small number
of technologies (i.e., SSL) which are fairly well suited to solving
a small set of problems.  That they -can- be shoehorned into addressing
other problems has led many to use them for -all- their data security
applications.  This means that most of the products that are out there
are great if you happen to meet a certain narrow requirements/usage/budget
profile, and they really stink otherwise.





-Steve

-----
0       In the sense that you can get an automated NIDS setup from a single
        vendor, for example.
