IDS mailing list archives
Re: True definition of Intrusion Prevention
From: George Capehart <gwc () acm org>
Date: Sat, 3 Jan 2004 12:31:22 -0500
On Saturday 03 January 2004 10:28 am, Teicher, Mark (Mark) wrote:

<snip>

> A quote from Marcus J. Ranum's book "The Myth of Homeland Security":
> Marcus states "If you consider the hundreds or thousands of applications and crucial files on a given computer or network, you can imagine that the number of possible combinations for mayhem is literally astronomical." (Available via Amazon... [blatant advertisement here, it is on my recommended book list] :)
>
> Most commercial and open source operating systems and security products contain countless bugs because when the core architecture was written, it was designed to be feature rich (i.e. a slick UI, etc.), and offer the customer a few key security features that unless they were really knowledgeable, a majority of the security features were never enabled, since Internet enabled services are designed for availability, and not security.

Whew! This thread has generated a lot more conversation than I would have imagined. I started to try to respond to all of the messages from Mark, Brian and Fengmin, but it would take me 'way too long and I'd repeat myself a lot . . . ;-) So I'm going to try to condense my thoughts into one short paragraph.

Firstly, this thread has confirmed my personal opinion that intrusion prevention is not a very useful term and if we, as an industry, take that up as a holy grail, we will waste a *lot* of cycles and accomplish little. I'd like to punt and say that what we really need to do is manage risk. A good, robust risk management process will lead an organization to the optimal (for that organization) set of controls for managing the risks it faces. The solution set that one organization chooses will be *very* different from that of another.

I'm going to shut up now. This message started out much longer than it is now, but all I was doing was making the dead horse twitch with the beating . . . . ;-)

Thanks for a great thread everyone!

/g