Firewall Wizards mailing list archives
Re: The value of detecting neutralized threats. (was RE: IDS bla
From: Vik Bajaj <vbajaj () sas upenn edu>
Date: Fri, 29 Jan 1999 23:17:00 -0500 (EST)
It does not follow from the simple fact that a threat is known, perceived, or detected that a response should be mounted. If we accept that assertion, then no IDS can ever be successful. In fact, a persuasive argument can be made

What assertion? That IDS involves more than just a RealSecure or NFR box? That there is all sorts of work that goes into figuring out whether or not a response should be mounted?

No, I didn't mean to imply that it was your assertion by quoting your post. In fact, I think we are in agreement that an obviously great amount of thought goes into, first, designing an IDS, and second, deciding on what to do with the information the system collects. My point was that these two tasks are obviously separable, and that there is an extreme case in which you can collect an arbitrary amount of information and do nothing with it. My philosophy is to assemble a system that, in general, collects data from both sides of the segment and discards

--Vik