IDS mailing list archives
re[2]: Intrusion Risk Assessment
From: Richard Bennison <richard.bennison () tolerant co uk>
Date: Wed, 8 Jan 2003 16:52:05 +0000
The problem with this is, define "damage." IDS systems are not aware of the nature of what they defend. An IIS exploit might be utterly useless against an apache web server, but the IDS is not intrinsically aware of which servers are apache and which are IIS. Add to that the fact that such severity levels as "minor damage" or "minimal access to recover," are dependent upon the information stored on a machine (which no current IDS could ever be cognizant of) as well as the role of that machine. <

Accounting for the string above, this is where the relationship between vulnerability assessment (VA) and Intrusion detection/prevention (IDP) becomes key. If a NIDS or HIDS is aware of the nature of the system(s) it is protecting then it can respond relative to the liability of the system to the attack. Apologies if this is answering the incorrect string....

It is untrue that IDP cannot be cognizant of the systems protected, as although you may not be able to respond relative to the box type, you can respond based on patch liability or services running on the box i.e. IIS attacks on Apache, if the IDP knows that the box is not running IIS (or is running IIS patched) why would it need to block/report the attack? As such if you implement a VA/IDP interaction that scans systems and primes IDP to react appropriately then a score may be applied to each attack per system.

There is a system out there that does this, let me know if you want more details.

Rich
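
Added example (not part of the original message, and not the system the poster alludes to): a sketch of the VA/IDP correlation described above, scoring one IIS alert per target from scan results. The inventory, addresses, vulnerability id `VULN-IIS-A`, severity scale and 30-day freshness limit are all constructed assumptions.

```python
from dataclasses import dataclass, field

@dataclass
class HostProfile:
    """What the last VA scan found on one host (constructed sample data)."""
    services: set                                  # e.g. {"apache"}
    unpatched: set = field(default_factory=set)    # vuln ids still open
    scan_age_days: int = 0

# Constructed inventory; addresses are from the documentation range.
INVENTORY = {
    "192.0.2.10": HostProfile({"apache"}),
    "192.0.2.20": HostProfile({"iis"}, {"VULN-IIS-A"}),
    "192.0.2.30": HostProfile({"iis"}),                    # IIS, patched
    "192.0.2.40": HostProfile({"iis"}, scan_age_days=90),  # stale scan
}

MAX_SCAN_AGE_DAYS = 30  # assumed freshness limit for trusting VA data

def score_alert(dst_ip, service, vuln_id, base_severity):
    """Return (score, reason) for one IDS alert against one target."""
    host = INVENTORY.get(dst_ip)
    # No VA data, or data too old: keep full severity rather than suppress.
    if host is None:
        return base_severity, "no VA data"
    if host.scan_age_days > MAX_SCAN_AGE_DAYS:
        return base_severity, "VA data stale"
    if service not in host.services:
        return 0, "service not running"
    if vuln_id not in host.unpatched:
        return base_severity // 2, "service running, patched"
    return base_severity, "service running, unpatched"

# Constructed alerts: the same IIS signature seen against five targets.
ALERTS = [(ip, "iis", "VULN-IIS-A", 8) for ip in
          ("192.0.2.10", "192.0.2.20", "192.0.2.30", "192.0.2.40", "192.0.2.99")]

if __name__ == "__main__":
    for ip, svc, vuln, sev in ALERTS:
        print(ip, *score_alert(ip, svc, vuln, sev))
```

Hosts with missing or stale scan data keep the full base severity, so a gap in VA coverage never silences an alert.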