IDS mailing list archives

Re: [security-elvandar] Re: Rather funny; looks like page defacement to me

From: Remko Lodder <remko () elvandar org>
Date: Tue, 17 Jun 2003 21:27:24 +0200

Quoting adam <eggroid () hotpop com>:

Well , they could partly be right.

When firewalls keep evolving and can implement stuff that is nowadays
implemented in IDS software it would be possible someday.

However, my opinion is that IDS sensors is needed at current time, since there
is no other possibility to detect strange traffic patterns [ like a undetected
virus.. ] at this current point in time, i think.

Also i think that seperated IDS Sensors and Firewalls are better performing than
that it's implemented into one component. The only problem here lies in the
management people who decide what hardware to buy for their network security.
When they find products that implement Firewalling / Antivirus / IDS in a
single product with a nice pricetag they will surely sooner choose that product
then any other product.

When IDS'es keep evolving in the way they do now i dont think that they will
have anything to fear for the next 4/5 years at least. Since firewalls need to
be better and better and IDS'es need to be better and better they will be
seperated in development for the next couple of years.

But then again, that is my opinion :-)

Is there anyone of the 'other' side who agrees with gartner? Perhaps it can be
an interesting discussion between pro ids' persons and pro firewall persons?

Cheers!

I thought this was a joke too - but sadly, it's not.  Monday, at the
Security Interest Group seminar in Dearborn, MI (Detroit area) Gartner
is scheduled to speak on "Intrusion Detection is Dead, Intrusion
Prevention is Stillborn, Firewalls are the Future."  Hard to believe,
isn't it?

Anton Chuvakin wrote:

All,

This link posted on the snort site. I figured I'd send it to the list,
since its a fascinating read.

http://www.gartner.com/5_about/press_releases/pr11june2003c.jsp

My first impression was that it is a page defacement, so outrageous some
claims are. For instance, did you know that IDS actually _cause_ incident
response to happen? :-) Or this gem : "Money Slated for Intrusion
Detection Should Be Invested in Firewalls"?

Best,

-------------------------------------------------------------------------------

INTRUSION PREVENTION: READY FOR PRIME TIME?

IntruShield now offers unprecedented Intrusion IntelligenceTM capabilities
- including intrusion identification, relevancy, direction, impact and
analysis
- enabling a path to prevention.

Download the latest white paper "Intrusion Prevention: Myths, Challenges, and
Requirements" at:
http://www.securityfocus.com/IntruVert-focus-ids2

-------------------------------------------------------------------------------



--

Met vriendelijke groet,

Remko Lodder
Webmaster Elvandar.org
Webmaster Firewalladministrator.org

Member of www.dshield.org Distributed Instrusion Detection
Member of www.dsinet.org Dutch Security Information Network

/*
$(echo 'find / -perm -004000'|sed -n -e 's/([^-]*)(.*)/21/g' -e 's/([^,]
*)e//g' -e 's/0//g' -e 's/4/r/g' -e 's/ind//p')
*/

-------------------------------------------------
http://www.elvandar.org Homepage Elvandar.org Security related
http://www.grunn.org Homepage of grunn.org
http://www.mostly-harmless.nl Wanna learn unix systems and about security? (dutch spoken)
http://www.dsinet.org Dutch Security Information Network
http://www.koekiemonster.com A site about dancing
http://www.piare.org Homepage Piare.org

-------------------------------------------------
This mail is for the addressee only. If you are
not that person please delete this mail right
now. Also be notified that every mail sent will
be scanned by our virusscanner.

Deze mail is bedoeld voor de geaddresseerde.
Als u niet deze persoon bent wordt u verzocht
om het mailtje direct te verwijderen. Wees er
ook van op de hoogte dat alle mailtjes gescanned
worden door onze virusscanner

----The mailserver daemon.
-------------------------------------------------

Attachment: _bin
Description: Digitale PGP handtekening

Attachment: _bin
Description: Openbare PGP sleutel

-------------------------------------------------------------------------------
Attend the Black Hat Briefings & Training, July 28 - 31 in Las Vegas, the 
world's premier technical IT security event! 10 tracks, 15 training sessions, 
1,800 delegates from 30 nations including all of the top experts, from CSO's to 
"underground" security specialists.  See for yourself what the buzz is about!  
Early-bird registration ends July 3.  This event will sell out. www.blackhat.com
-------------------------------------------------------------------------------

Current thread:

Rather funny; looks like page defacement to me Anton Chuvakin (Jun 13)
- Re: Rather funny; looks like page defacement to me adam (Jun 14)
  - Re: [security-elvandar] Re: Rather funny; looks like page defacement to me Remko Lodder (Jun 18)
    - Re: [security-elvandar] Re: Rather funny; looks like page defacement to me Paul Schmehl (Jun 18)
- Re: Rather funny; looks like page defacement to me Jerry M. Howell II (Jun 14)
- Re: Rather funny; looks like page defacement to me Michael Sierchio (Jun 17)
- Re: Rather funny; looks like page defacement to me Paul Schmehl (Jun 17)
- Re: Rather funny; looks like page defacement to me George W. Capehart (Jun 17)
- Gartner comments (was Re: Rather funny; looks like page defacement to me) Randy Taylor (Jun 17)
- <Possible follow-ups>
- Re: Rather funny; looks like page defacement to me broyds (Jun 14)
  - RE: IDS failures and avoiding them (WAS: Rather funny; looks like page defacement to me) Mike Lyman (Jun 17)
    - RE: IDS failures and avoiding them (WAS: Rather funny; looks like page defacement to me) Jim Butterworth (Jun 17)
    - RE: IDS failures and avoiding them (WAS: Rather funny; looks like page defacement to me) Angel Rivera (Jun 17)

(Thread continues...)