Re: so, is I[dp]S a STUPID technology?

[Paul Schmehl <pauls () utdallas edu>]

--On Tuesday, October 11, 2005 21:32:34 +0200 Gadi Evron <ge () linuxbox org> 
wrote:

> I won't tell you my opinion (yet) - check out Aviram's:
>
> http://blogs.securiteam.com/index.php/archives/114
Real world experience refutes him.  We're using TIppingpoint at the edge, 
and I can assure you it's in blocking mode.  It's reduced the number of 
attacks we were seeing by over two thirds.

*No* technology can solve *every* problem, but each piece of the puzzle 
makes you a little safer.  (Remember layered security?)  Oh, and snort - 
has been *extremely* useful at detecting problems emanating *from* our 
network.

It's nice to be able to sit back in ivory towers and theorize, but some of 
us have to actually deal with the crap floating around in the ether and 
both IDS and IPS have their useful place in the grand scheme of things.

Will they stop mr. uber-hacker?  No, but then neither will I.  :-)

Paul Schmehl (pauls () utdallas edu)
Adjunct Information Security Officer
University of Texas at Dallas
AVIEN Founding Member
http://www.utdallas.edu/ir/security/
_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.