IDS mailing list archives
Re: IDS is dead, etc
From: Frank Knobbe <frank () knobbe us>
Date: Mon, 11 Aug 2003 13:58:54 -0500
On Fri, 2003-08-08 at 12:15, Bennett Todd wrote:
I do maintain, however, that by combining tight configuration control with complete abstinence from known-bad software, you can raise the barrier sufficiently high that the attacks that succeed will be so wildly new and out of left field that your IDS would be no more help than your firewall. IDSes detect known problems; they're the "anti-virus scanners" of the network.
If you limit your thinking to signature based IDS's then yes. However, anomalies, abnormal traffic, policy violations, and other "weird stuff" *can* be detected by IDS's (if so configured), and lets you move the detection capabilities beyond the "known stuff". Marty brought up the point about how people use/not-use Snort. Snort rocks because it is so configurable, as Marty said, a framework for your custom solution (in your custom network). With Snort we can do anomaly detection and catch a lot of "unknowns". Other IDS's may not be as flexible, but that doesn't mean that Intrusion Detection cannot detect the abnormal things. If your IDS just acts as a network based virus scanner, perhaps you need to take a look at some other IDS's.

Cheers,
Frank