Firewall Wizards mailing list archives

Re: Intrusion Prevention Firewall


From: dont <dont () csds uidaho edu>
Date: Fri, 5 Apr 2002 11:51:58 -0800 (PST)

On Fri, 5 Apr 2002, Gary Flynn wrote:

I want the IDP to simply drop the offending packet(s). :)

again, we seem to be putting the cart before the horse.  let's figure out
how to detect first, then we (i.e., someone else's PhD) can decide how to
respond.

but is the goal to reduce the manpower
requirement for an Intelligent Human analyst?

No. It's to create an effective intrusion prevention system instead of
an alarm system that does nothing to stop attacks.

My thought and work is to try and create a symbiosis between man and
machine, in such a way that the machine becomes a problem-solving partner
with the operator and guides in the decision-making.  Yes, I know it is a
fantasy, but, darnit, it's MY fantasy!  :-)

network. But I would think it would be possible to identify a
fair number of them. Am I wrong? Naive?

Well, we are not there yet.  About all we can detect are the trucks
driving through honking their horns saying "Hey, look at me", regardless
of what vendors tell you.  Again, though, reliable detection is my
fantasy.  Unfortunately, because it is not a short-term research thing
with ROI results, no one really wants to fund anything that is not "almost
done."

don tobin
struggling student at univ of idaho

==========================================================================
Men are from Earth.  Women are from Earth.  Deal with it!
==========================================================================
dont () csds uidaho edu           WebSpace - http://www.csds.uidaho.edu/~dont
