funsec mailing list archives

Re: so, is I[dp]S a STUPID technology?


From: Jordan Wiens <numatrix () ufl edu>
Date: Tue, 11 Oct 2005 16:27:30 -0400 (EDT)

On Tue, 11 Oct 2005, Paul Schmehl wrote:

> --On Tuesday, October 11, 2005 21:32:34 +0200 Gadi Evron <ge () linuxbox org> wrote:
>
>> I won't tell you my opinion (yet) - check out Aviram's:
>>
>> http://blogs.securiteam.com/index.php/archives/114
>
> Real world experience refutes him. We're using TippingPoint at the edge, and I can assure you it's in blocking mode. It's reduced the number of attacks we were seeing by over two thirds.

Concur -- in our case, we're not able to run anything blocking yet, but we've built our own automated systems to respond to incidents with other out of band methods: deauthenticate users on auth networks, directly email admins of compromised machines, etc. We plan on adding dynamic firewalling and a few other fun tricks in the future.

If I were to release actual numbers of incidents, my boss would kill me, but this is a closed list with strict disclosure rules, so I feel comfortable in saying that my IDS catches LOTS of incidents. And I do mean LOTS. Incidents that would otherwise go undetected for quite some time. From the large medical institution that receives their networking nearby to the thousands of students, we get incidents throughout every subset of campus.

> *No* technology can solve *every* problem, but each piece of the puzzle makes you a little safer. (Remember layered security?) Oh, and snort - has been *extremely* useful at detecting problems emanating *from* our network.

Exactly. No firewall, no IDS, no IPS is the answer to security problems. Implementing those things, evaluating them, improving them, looking for new ways to approach the problem, those are ALL part of the answer to security problems. If security is a process (haven't heard Schneier's oft quoted phrase lately, seems like a good time to resurrect it) then it's stupid to ask what product is the answer. Every little piece helps, and I can assure you that the numbers and facts here at my place of business indicate that IDS does indeed help.

--
Jordan Wiens, CISSP
UF Network Security Engineer
(352)392-2061
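The out-of-band response loop Jordan describes above (IDS alert in; email to the responsible admin and a firewall block out, with an eye on alerts emanating *from* the campus network) is sketched below as an added Python example. It is not UF's code and nothing from the thread; the Snort alert_fast line layout it parses is the real one, but the sample alert lines, the campus subnet-to-admin map and the iptables command string are constructed for illustration, and the script only plans actions rather than sending mail or touching a firewall.

```python
import ipaddress
import re
from datetime import datetime, timedelta

# Snort alert_fast line layout (the constructed sample lines below follow it):
# MM/DD-HH:MM:SS.ffffff  [**] [gid:sid:rev] msg [**] [Classification: ...] [Priority: n] {PROTO} src:sport -> dst:dport
# The Classification field is optional in this format, so the regex treats it as such.
ALERT_RE = re.compile(
    r"^(?P<ts>\d\d/\d\d-\d\d:\d\d:\d\d\.\d+)\s+\[\*\*\]\s+\[(?P<gid>\d+):(?P<sid>\d+):(?P<rev>\d+)\]\s+"
    r"(?P<msg>.*?)\s+\[\*\*\]\s+(?:\[Classification:\s*(?P<cls>[^\]]*)\]\s+)?\[Priority:\s*(?P<prio>\d+)\]\s+"
    r"\{(?P<proto>\w+)\}\s+(?P<src>[\d.]+):(?P<sport>\d+)\s+->\s+(?P<dst>[\d.]+):(?P<dport>\d+)$"
)

# Hypothetical campus address plan: subnet -> admin contact. Constructed, not real UF data.
CAMPUS_ADMINS = {
    ipaddress.ip_network("10.10.0.0/16"): "dorm-netadmin@example.edu",
    ipaddress.ip_network("10.20.0.0/16"): "medcenter-netadmin@example.edu",
}

# Constructed sample alerts: two bursts from one dorm host, an inbound scan (not ours),
# a beacon from the medical subnet, and a repeat from the dorm host well over an hour later.
SAMPLE_ALERTS = """\
10/11-16:01:02.000001  [**] [1:9001:1] LOCAL worm propagation attempt [**] [Classification: Attempted User Privilege Gain] [Priority: 1] {TCP} 10.10.4.77:3344 -> 198.51.100.5:445
10/11-16:01:03.000002  [**] [1:9001:1] LOCAL worm propagation attempt [**] [Classification: Attempted User Privilege Gain] [Priority: 1] {TCP} 10.10.4.77:3345 -> 198.51.100.6:445
10/11-16:05:00.000003  [**] [1:9002:2] LOCAL port scan from outside [**] [Classification: Attempted Information Leak] [Priority: 2] {TCP} 203.0.113.9:40000 -> 10.10.4.77:22
10/11-16:07:10.000004  [**] [1:9003:1] LOCAL bot C2 beacon [**] [Priority: 1] {UDP} 10.20.1.9:53123 -> 192.0.2.44:6667
10/11-17:30:00.000005  [**] [1:9001:1] LOCAL worm propagation attempt [**] [Classification: Attempted User Privilege Gain] [Priority: 1] {TCP} 10.10.4.77:3399 -> 198.51.100.7:445
"""


def parse_alert(line, year=2005):
    """Parse one alert_fast line into a dict, or return None for anything that does not match.
    alert_fast timestamps carry no year, so the caller supplies one (2005 assumed here)."""
    m = ALERT_RE.match(line.strip())
    if not m:
        return None
    a = m.groupdict()
    a["ts"] = datetime.strptime(a["ts"], "%m/%d-%H:%M:%S.%f").replace(year=year)
    a["prio"] = int(a["prio"])
    a["src"] = ipaddress.ip_address(a["src"])
    a["dst"] = ipaddress.ip_address(a["dst"])
    return a


def admin_for(addr):
    """Map a campus address to the admin contact for its subnet; None if the address is not ours."""
    for net, contact in CAMPUS_ADMINS.items():
        if addr in net:
            return contact
    return None


def plan_responses(lines, max_priority=1, window=timedelta(hours=1)):
    """Turn alert lines into out-of-band actions for alerts whose *source* is a campus host.

    Inbound alerts (external source) are ignored: there is no local user to deauth and
    nothing useful to tell a campus admin. Each offending host gets at most one
    (email, firewall) pair per window so a worm spraying alerts does not spray admins.
    Returns a list of (kind, target, detail) tuples; nothing is executed.
    """
    last_acted = {}  # source address -> timestamp of the last action taken for it
    actions = []
    for line in lines.splitlines():
        a = parse_alert(line)
        if a is None or a["prio"] > max_priority:
            continue
        contact = admin_for(a["src"])
        if contact is None:
            continue
        prev = last_acted.get(a["src"])
        if prev is not None and a["ts"] - prev < window:
            continue
        last_acted[a["src"]] = a["ts"]
        actions.append(("email", contact,
                        f"{a['src']} triggered sid {a['sid']}: {a['msg']} at {a['ts'].isoformat()}"))
        # Constructed block rule; a real deployment would push this to the edge device's own API.
        actions.append(("firewall", str(a["src"]), f"iptables -I FORWARD -s {a['src']} -j DROP"))
    return actions


if __name__ == "__main__":
    for kind, target, detail in plan_responses(SAMPLE_ALERTS):
        print(f"{kind:8} {target:32} {detail}")
```

Run as-is it prints six planned actions: an email and a block for the dorm host at 16:01, the same for the medical-subnet host at 16:07, and a second pair for the dorm host at 17:30 once the one-hour suppression window has lapsed. The 16:01:03 repeat is absorbed by the window, and the inbound scan is dropped both for its priority and because its source is not a campus address.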


_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.

