IDS mailing list archives

Re: IDS is dead, etc


From: Bennett Todd <bet () rahul net>
Date: Fri, 8 Aug 2003 13:15:47 -0400

2003-08-08T12:37:24 Scott Wimer:
The assumption that human beings can design, write, and install 
software without error is WRONG.

No disagreement there. I don't presume software without error.

I do maintain, however, that by combining tight configuration
control with complete abstinence from known-bad software, you can
raise the barrier sufficiently high that the attacks that succeed
will be so wildly new and out of left field that your IDS would be
no more help than your firewall. IDSes detect known problems;
they're the "anti-virus scanners" of the network.

Given such a setting, an IDS is still a great idea, as an
educational tool, but it's not helping to tighten your protections,
because it won't alarm on anything that succeeds.

-Bennett
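The point above, that a signature IDS alarms only on traffic it already has a rule for, as an added example that is not part of the original message and not taken from any real IDS ruleset: a small pattern matcher with three hypothetical signatures run over constructed HTTP requests. The rule identifiers, patterns and sample requests are all assumptions made for illustration; the "novel" request stands in for an attack on a flaw the signature set has never seen.

```python
"""Signature-based detection over constructed sample payloads (added example).

A request that matches a known-bad pattern is flagged; a request that
carries an attack the signature set does not know passes silently,
exactly like a benign one.
"""
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class Signature:
    sid: int            # hypothetical rule identifier
    name: str           # human-readable rule name
    pattern: re.Pattern  # compiled bytes regex applied to the raw payload


# Hypothetical signature set. Patterns are classic textbook examples and
# are deliberately crude, not rules from any real IDS.
SIGNATURES = [
    Signature(1000001, "directory traversal", re.compile(rb"\.\./\.\./")),
    Signature(1000002, "cgi-bin phf probe", re.compile(rb"/cgi-bin/phf\?")),
    Signature(1000003, "shell metacharacter in query",
              re.compile(rb"[?&][^ ]*[;|`]")),
]


def inspect(payload: bytes) -> list:
    """Return the names of every signature that matches the payload.

    An empty list means the sensor stays silent for this payload, whether
    the traffic is benign or an attack it has no rule for.
    """
    return [sig.name for sig in SIGNATURES if sig.pattern.search(payload)]


def scan(payloads: dict) -> dict:
    """Run inspect() over a {label: payload} mapping and return {label: matches}."""
    return {label: inspect(data) for label, data in payloads.items()}


# Constructed sample traffic: two requests the signature set knows, one
# benign request, and one "novel" attack on a hypothetical application bug
# (an out-of-range numeric id) that contains nothing any rule looks for.
SAMPLE_PAYLOADS = {
    "traversal": b"GET /../../etc/passwd HTTP/1.0\r\n\r\n",
    "phf": b"GET /cgi-bin/phf?Qalias=x HTTP/1.0\r\n\r\n",
    "benign": b"GET /index.html HTTP/1.0\r\n\r\n",
    "novel": b"GET /app?id=99999999999999999999 HTTP/1.0\r\n\r\n",
}


def silent_labels(payloads: dict) -> list:
    """Labels for which the sensor raises no alarm at all."""
    return [label for label, hits in scan(payloads).items() if not hits]


if __name__ == "__main__":
    for label, hits in scan(SAMPLE_PAYLOADS).items():
        status = ", ".join(hits) if hits else "no alarm"
        print(f"{label:10s} -> {status}")
```

Running it shows the traversal and phf requests flagged and both the benign request and the novel attack reported as "no alarm": the sensor cannot tell the last two apart, which is the situation the message describes once the known-bad software the first two target is no longer deployed.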
