IDS mailing list archives
Re: IDS is dead, etc
From: Bennett Todd <bet () rahul net>
Date: Fri, 8 Aug 2003 13:15:47 -0400
2003-08-08T12:37:24 Scott Wimer:
The assumption that human beings can design, write, and install software without error is WRONG.
No disagreement there. I don't presume software without error. I do maintain, however, that by combining tight configuration control with complete abstinance from known-bad software, you can raise the barrier sufficiently high that the attacks that succeed will be so wildly new and out of left field that your IDS would be no more help than your firewall. IDSes detect known problems; they're the "anti-virus scanners" of the network. Given such a setting, an IDS is still a great idea, as an educational tool, but it's not helping to tighten your protections, because it won't alarm on anything that succeeds. -Bennett
Attachment:
_bin
Description:
Current thread:
- Re: IDS is dead, etc, (continued)
- Re: IDS is dead, etc maz (Aug 07)
- Re: IDS is dead, etc M. Dodge Mumford (Aug 07)
- RE: IDS is dead, etc Tom Arseneault (Aug 06)
- RE: IDS is dead, etc Mark Tinberg (Aug 07)
- RE: IDS is dead, etc Tom Arseneault (Aug 07)
- Re: IDS is dead, etc Sebastian Schneider (Aug 07)
- Re: IDS is dead, etc Barry Fitzgerald (Aug 07)
- Re: IDS is dead, etc Bennett Todd (Aug 08)
- Re: IDS is dead, etc Sam f. Stover (Aug 11)
- Re: IDS is dead, etc Scott Wimer (Aug 11)
- Re: IDS is dead, etc Bennett Todd (Aug 11)
- Re: IDS is dead, etc Scott Wimer (Aug 11)
- Re: IDS is dead, etc Bennett Todd (Aug 11)
- Re: IDS is dead, etc Scott Wimer (Aug 11)
- Re: IDS is dead, etc Bennett Todd (Aug 11)
- RE: IDS is dead, etc Security Conscious (Aug 11)
- Re: IDS is dead, etc Jason Haar (Aug 11)
- Re: IDS is dead, etc Frank Knobbe (Aug 11)
- RE: IDS is dead, etc Bob Buel (Aug 11)
- Re: IDS is dead, etc Barry Fitzgerald (Aug 11)
- Belaboring the point of FPs Paul Schmehl (Aug 12)