IDS mailing list archives
Re: Network IDS
From: Steffen Kluge <kluge () fujitsu com au>
Date: Fri, 22 Aug 2003 11:53:08 +1000
On Fri, 2003-08-22 at 00:42, Barry Fitzgerald wrote:
Andreas Krennmair wrote:Then a NIDS is not the right thing for you. Network Intrusion Detection is not about protecting systems.Now, the semantic argument that says that "NIDS is not about protecting systems" basically states that NIDS is about protecting networks. Factually, this is true - Host IDS is about protecting a *system* and NIDS is about detecting intrusions over the network. But never, ever, ever, ever forget that a network is composed of a group of systems.
I believe Andreas' gripe was not with the word "systems" but with the word "protect". A NIDS *detects* intrusions (or more generally, unusual activity), but it cannot protect against them. It just informs you that they're happening, nothing more, nothing less. Of course, that information can aid *you* in taking steps to mitigate risks or eliminate threats before they become a problem. Most intrusions don't happen like a lightning bolt out of blue sky, they are usually preceded by activity NIDS sensors can spot (vulnerability scanning, random attacks against non-vulnerable systems, etc). Thus, if your NIDS spots the forebodings of intrusions it can give you the critical edge for protecting those vulnerable systems in time. Mind you, hybrid automatic systems do exist, such as combinations of NIDS detection engines and packet filters, but they wouldn't be correctly termed "NIDS". Cheers Steffen.
Attachment:
signature.asc
Description: This is a digitally signed message part
Current thread:
- Network IDS Duston Sickler (Aug 19)
- Re: Network IDS Andreas Krennmair (Aug 21)
- Re: Network IDS Barry Fitzgerald (Aug 21)
- Re: Network IDS Steffen Kluge (Aug 25)
- Re: Network IDS Sam f. Stover (Aug 25)
- Re: Network IDS Barry Fitzgerald (Aug 25)
- Re: Network IDS Andreas Krennmair (Aug 26)
- Re: Network IDS Barry Fitzgerald (Aug 28)
- Re: Network IDS Frank Knobbe (Aug 28)
- Re: Network IDS Mark Teicher (Aug 28)
- Re: Network IDS Frank Knobbe (Aug 28)
- Re: Network IDS Barry Fitzgerald (Aug 21)
- Re: Network IDS Andreas Krennmair (Aug 21)
- Re: Network IDS Andreas Krennmair (Aug 25)
- Re: Network IDS Barry Fitzgerald (Aug 26)