IDS mailing list archives

Re: IDS is dead, etc


From: Paul Schmehl <pauls () utdallas edu>
Date: Fri, 15 Aug 2003 20:26:06 -0500

--On Wednesday, August 13, 2003 12:22 PM -0400 Jonathan Rickman <jonathan () xcorps net> wrote:

On Wednesday 13 August 2003 01:01, Omar Herrera wrote:

The key is "correlation", and right now I don't see a better security
solution than a well prepared security professional to correlate that.

I think that will remain the case for a long time to come. After all,
security is a process. The process involves technical and human factors.
Attempting to engineer people out of the process will ultimately fail.
Systems only have two possible answers to any given question...yes or no.

Are you really serious about this? Because I don't think you could possibly be more wrong. There are an infinite number of answers that can be returned for a given set of parameters, not a simple yes or no. Mind you, I'm not arguing that you can solve every problem with an algorithm, but *surely* you don't really believe that algorithms can only respond with binary answers? If this were really true, it wouldn't even be possible to have more than two alert levels - Alert or no alert.

Paul Schmehl (pauls () utdallas edu)
Adjunct Information Security Officer
The University of Texas at Dallas
AVIEN Founding Member
http://www.utdallas.edu
