Firewall Wizards mailing list archives
Re: FW appliance comparison - Seeking input for the forum
From: "Paul D. Robertson" <paul () compuwar net>
Date: Fri, 20 Jan 2006 10:00:20 -0500 (EST)
On Fri, 20 Jan 2006, sai wrote:
> Ignorance is strength? No way! IDS should help you figure out what is happening on your network and its environs. Unfortunately keeping the
No, your *policy* should *dictate* what's happening on your network and its environs. Your implementation of that policy should enforce it. If IDS was an audit function, it'd have to be designed to audit against a policy, not be AV-on-the-wire. Lots of people are using IDS as an excuse to not iterate or implement policy or protective controls, and that's a problem.
> IDS updated takes time and/or money, plus you have to look at (and understand) the reports (more time and effort). Most people are able to get on with their jobs without knowing what has attacked them, but it's certainly good to know.
Again, this assumes that your policy implementation allows attacks to traverse your infrastructure *or* that you're wasting the organization's time passing around reports about how many times NIMDA tried to attack your Solaris box.

This is one reason why people with sub-standard security don't get fired when there's an event they clearly should have created: "the IDS signature didn't detect it" is becoming a bail-out when people really aren't implementing good security policies.

Here's a little tidbit that's about 4 years old now, but ponder it and ask yourself if the IDS is where people *should* be spending their time: Approximately 74% of firewalls are either misconfigured or not configured to block attacks they're capable of blocking in normal operation[1].

Paul

[1] No, I don't mean "deny all." Attacks without unduly hindering the organization by blocking legitimate traffic.

-----------------------------------------------------------------------------
Paul D. Robertson      "My statements in this message are personal opinions
paul () compuwar net    which may have no basis whatsoever in fact."
http://fora.compuwar.net   Infosec discussion boards

_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
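The point of the reply above is that the written policy should be the reference, the firewall rule set should enforce it, and an audit (whether IDS or anything else) should compare what is actually permitted or observed against that policy. The script below is an added illustration of that audit and is not code from the post or from anyone in this thread. The policy entries, the rule set and the rule syntax ("action proto src dst dport") are all constructed for the example and do not correspond to any vendor's configuration format.

```python
"""Audit a firewall rule set (the implementation) against a written policy.

Added example, not from the original post. POLICY, RULES and the one-line rule
syntax are constructed for illustration; they are not a real product's format.
"""
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Flow:
    proto: str
    src: ipaddress.IPv4Network
    dst: ipaddress.IPv4Network
    dport: int


def flow(proto, src, dst, dport):
    return Flow(proto, ipaddress.ip_network(src), ipaddress.ip_network(dst), int(dport))


# The policy: the only flows the organization has decided to permit (constructed).
POLICY = [
    flow("tcp", "0.0.0.0/0", "203.0.113.10/32", 443),   # public web server
    flow("tcp", "10.0.0.0/8", "10.1.0.5/32", 25),        # internal hosts to mail relay
    flow("tcp", "10.0.0.0/8", "10.1.0.6/32", 3306),      # internal hosts to database
]

# The implementation: rules as the firewall actually has them (constructed sample).
RULES = """
allow tcp 0.0.0.0/0 203.0.113.10/32 443
allow tcp 0.0.0.0/0 203.0.113.10/32 22
allow tcp 10.0.0.0/8 10.1.0.5/32 25
allow udp 0.0.0.0/0 0.0.0.0/0 161
"""


def parse_rules(text):
    """Parse the hypothetical 'action proto src dst dport' rule lines."""
    rules = []
    for line in text.strip().splitlines():
        action, proto, src, dst, dport = line.split()
        rules.append((action, flow(proto, src, dst, dport)))
    return rules


def covered_by(f, p):
    """True when flow f is entirely within what policy entry p permits."""
    return (f.proto == p.proto and f.dport == p.dport
            and f.src.subnet_of(p.src) and f.dst.subnet_of(p.dst))


def audit(rules, policy):
    """Compare implementation to policy.

    Returns (unauthorized, unenforced):
      unauthorized - allow rules that permit traffic the policy never approved
                     (the misconfiguration the post's 74% figure is about)
      unenforced   - policy entries that no allow rule actually implements
    """
    unauthorized = [f for action, f in rules
                    if action == "allow" and not any(covered_by(f, p) for p in policy)]
    unenforced = [p for p in policy
                  if not any(action == "allow" and covered_by(p, f) for action, f in rules)]
    return unauthorized, unenforced


def triage_alert(observed, policy):
    """Classify an IDS alert about an observed flow against the policy.

    'enforcement-gap': the policy forbids this traffic, so the fact that it was
    observed at all means the implementation, not the IDS, is the problem.
    'in-policy': the traffic is permitted; this is where detection has a job.
    """
    return "in-policy" if any(covered_by(observed, p) for p in policy) else "enforcement-gap"


if __name__ == "__main__":
    bad, missing = audit(parse_rules(RULES), POLICY)
    for f in bad:
        print(f"UNAUTHORIZED allow: {f.proto} {f.src} -> {f.dst}:{f.dport}")
    for p in missing:
        print(f"UNENFORCED policy: {p.proto} {p.src} -> {p.dst}:{p.dport}")
    print(triage_alert(flow("tcp", "198.51.100.7/32", "203.0.113.10/32", 22), POLICY))
```

Run as a script it reports the SSH and SNMP allow rules as unauthorized, the database flow as unenforced, and classifies an alert about SSH to the web server as an enforcement gap rather than a detection problem. The same comparison scales to real rule sets once `parse_rules` is replaced by a parser for the actual firewall's export format.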