Firewall Wizards mailing list archives
Re: RE: In defense of non standard ports
From: ArkanoiD <ark () eltex net>
Date: Wed, 25 Jan 2006 14:36:32 +0300
On Tue, Jan 24, 2006 at 08:38:22PM -0600, Tim Shea wrote:
> I've been monitoring this discussion and I have issues with two assumptions being made. The first is that all organizations have security professionals with some pull with management. Politics plays a big part and unless you can sell a solution or are hacked sideways nothing will be done. This is the frustration of many technical security professionals.
If an organization does not have security professionals, it should hire them first instead of trying to deploy technical solutions according to its manager's profane vision. It is a way better investment, not a waste of money at least.
> Let's take the above issue - all TCP ports outbound are open. Throwing in an IDS is a quick way to gather appropriate information to help sell to management that they have a real problem. Just telling them "all ports outbound bad" does not work. In addition - the log output from [insert whatever firewall here] is either not detailed enough or the volume is so high that it is not always practical to run analysis on the output. The second issue I have is that running IDSs takes a lot of time. That is bull. I had a vendor in today that was going off about such nonsense. It is just like any other service. You plan, implement, and manage that service appropriately. If you are spending all your time updating rules and keeping things in sync - your problem is not the IDS but your operational processes.
It does. No IDS can run in semi-autonomous mode; someone should keep an eye on it, so it is more expensive than it appears to be, or just useless.
> IDSs have their place like any other service, but saying they are useless or offering a negative opinion on an organization's internal controls (or lack of them) does not help that individual solve a problem.
> t.s
_______________________________________________ firewall-wizards mailing list firewall-wizards () honor icsalabs com http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
Current thread:
- Re: RE: In defense of non standard ports, (continued)
- Re: RE: In defense of non standard ports Tobias Reckhard (Jan 24)
- Re: RE: In defense of non standard ports James (Jan 24)
- Re: RE: In defense of non standard ports ArkanoiD (Jan 24)
- Re: RE: In defense of non standard ports Chuck Swiger (Jan 24)
- Re: RE: In defense of non standard ports Marcus J. Ranum (Jan 24)
- Re: RE: In defense of non standard ports Paul D. Robertson (Jan 24)
- Re: RE: In defense of non standard ports Tim Shea (Jan 24)
- Re: RE: In defense of non standard ports Paul D. Robertson (Jan 24)
- Message not available
- RE: In defense of non standard ports Brian Loe (Jan 24)
- Message not available
- Re: RE: In defense of non standard ports Marcus J. Ranum (Jan 24)
- Re: RE: In defense of non standard ports ArkanoiD (Jan 25)
- RE: RE: In defense of non standard ports Bill Royds (Jan 24)
- Re: RE: In defense of non standard ports Karl (Jan 24)