IDS mailing list archives
Re: IDS testing methodologies s tart
From: Alvin Oga <alvin.sec () Virtual Linux-Consulting com>
Date: Mon, 5 Jan 2004 16:51:48 -0800 (PST)
hi ya mike
> On Fri, 2004-01-02 at 08:52, Alvin Oga wrote:
>> in my book ... ( small world ) .. an IDS is not very useful, because, the cracker is already in your network ... game over ...
>
> Don't forget that once in, you still have to get him out. If the cracker is in, the game has only just begun. If the guy has touched more than one system, IDS can still play a major role here, especially your home grown IDS systems that are tailored to your environment.
yes.. yes.. definitely...

clarification .. "game over" was meant that the prevention and hardening left a hole/vulnerability/exploit that was readily exploitable by the script kiddie or determined cracker ...

yes.. the fun definitely starts when one detects a cracked box

- i prefer spending my time in prevention/hardening/policy/etc vs "detecting the cracker"

- "detecting the cracker got in" implies you're cracked... ( too late in my book )

- costs ... lot cheaper to prevent the obvious vulnerabilities ... rough orders of magnitude of costs ...

    $ 0.01 prevention and hardening and security policy ( fun stuff )
    $ 0.10 ids and detecting -- ( too many false alarms )
    $ 1.00 cleanup after compromises - ( fun stuff )

- the clients or companies or home users paying the "it/security" budget can determine where they wanna spend their $$$ ....

- i like it when they call for help to come clean things up ..

c ya
alvin