IDS mailing list archives
Re: Is IDS/IPS worthless?
From: Mike Hoskins <mike () adept org>
Date: Mon, 23 Feb 2004 15:24:30 -0800 (PST)
On Sun, 22 Feb 2004, Olaf Gellert wrote:
It is even worse: The system does not make people feel better (like a firewall), but it may show you all the dangers coming from the net and the vulnerability of you own network. So a big part of this is simple psychology.
if you have a firewall (only) and monitor the logs it produces (you do, right? otherwise it is not being fully utilized, and you are probably being negligent if you wear a security hat.), you will see numerous "dangers coming from the net". seeing dangers is better than not seeing them, which i think is relatively easy to understand for security staff. why is it so hard in the business world? i'd think it would be easy to understand there as well -- seeing similar things wrt stock prices or other monetary incarnations would be considered "unfair advantage". what tech business wouldn't want as many technical advantages as possible?
It is like so many trends in IT-business. First it get's hyped with big promises, then people are disappointed, because their high expectations are not met and they realize that thinks are expensive.
actually, to be fair, that's an engineering phenomenon in general. engineers tell sales people what's possible, sales people sell what the customers want, engineers are forced to implement it no matter how (in)feasible. this has been happening... for as long as i've had a job, and certainly not just in the security industry.
This is my view of IDS in the near future: IDS has to be improved step by step.
i think we can all agree here... technology should continuously improve. as a lefty, i've even found myself questioning the value of right-handed scissors. of course, cutlery manufacturers now offer scissors for left-handed people... the improvement made me happy, but both sets of scissors could cut things. (i just have to hold right-handed scissors in my right hand. e.g. do a bit more work.) a poor analogy i know, but i think knowing things need to improve is quite different than arguing those things have little/no value. but i digress, i am obviously rather emotional/biased wrt IDS/IPS and the "value" of security in general. -m --------------------------------------------------------------------------- Free trial: Astaro Security Linux -- firewall with Spam/Virus Protection Protect your network with the comprehensive security solution that integrates six applications for ease of use and lower TCO. Firewall - Virus protection - Spam protection - URL blocking - VPN - Wireless security. Download 30-day evaluation at: http://www.securityfocus.com/sponsor/Astaro_focus-ids_040219 ---------------------------------------------------------------------------
Current thread:
- RE: Is IDS/IPS worthless?, (continued)
- RE: Is IDS/IPS worthless? Omar Herrera (Feb 23)
- Re: Is IDS/IPS worthless? Michael Stone (Feb 23)
- Re: Is IDS/IPS worthless? Andy Cuff (Feb 23)
- Re: Is IDS/IPS worthless? Mike Hoskins (Feb 23)
- Re: Is IDS/IPS worthless? Olaf Gellert (Feb 23)
- Re: Is IDS/IPS worthless? SecurIT Informatique Inc. (Feb 23)
- Re: Is IDS/IPS worthless? Olaf Gellert (Feb 23)
- Re: Is IDS/IPS worthless? SecurIT Informatique Inc. (Feb 23)
- Re: Is IDS/IPS worthless? Xiaoyong Wu (Feb 24)
- Re: Is IDS/IPS worthless? Michael Stone (Feb 25)
- Re: Is IDS/IPS worthless? SecurIT Informatique Inc. (Feb 23)
- Re: Is IDS/IPS worthless? Mike Hoskins (Feb 23)
- RE: Is IDS/IPS worthless? Martin (Feb 23)