IDS mailing list archives
Re: Network IDS
From: Barry Fitzgerald <bkfsec () sdf lonestar org>
Date: Wed, 27 Aug 2003 09:38:10 -0400
Andreas Krennmair wrote:
This analogy is flawed - network intrusion detection systems can't be seen. That's the big difference to the light in the house or the explosives.
You misread my analogy - that was precisely my point:The "light/explosive" analogy was for local machine defense software or IPS. The fact that the IDS system isn't observed is what gives it it's value.
My analogy isn't flawed - you simply misread it.
How is your system protected when the exploit succeeds and is detected by the NIDS? Your system is compromised. The only thing where NIDS could be interesting is to record all attacks and to separate the known exploits from the unknown ones. That is, IMHO, the only really useful way NIDS could be used.
How is your system protected if you're compromised and have no detection system in place?
-Barry ---------------------------------------------------------------------------Attend Black Hat Briefings & Training Federal, September 29-30 (Training), October 1-2 (Briefings) in Tysons Corner, VA; the worldÂs premier technical IT security event. Modeled after the famous Black Hat event in Las Vegas! 6 tracks, 12 training sessions, top speakers and sponsors. Symanetc is the Diamond sponsor. Early-bird registration ends September 6 Visit: www.blackhat.com
---------------------------------------------------------------------------
Current thread:
- Network IDS Duston Sickler (Aug 19)
- Re: Network IDS Andreas Krennmair (Aug 21)
- Re: Network IDS Barry Fitzgerald (Aug 21)
- Re: Network IDS Steffen Kluge (Aug 25)
- Re: Network IDS Sam f. Stover (Aug 25)
- Re: Network IDS Barry Fitzgerald (Aug 25)
- Re: Network IDS Andreas Krennmair (Aug 26)
- Re: Network IDS Barry Fitzgerald (Aug 28)
- Re: Network IDS Frank Knobbe (Aug 28)
- Re: Network IDS Mark Teicher (Aug 28)
- Re: Network IDS Frank Knobbe (Aug 28)
- Re: Network IDS Barry Fitzgerald (Aug 21)
- Re: Network IDS Andreas Krennmair (Aug 21)
- Re: Network IDS Andreas Krennmair (Aug 25)
- Re: Network IDS Barry Fitzgerald (Aug 26)
- <Possible follow-ups>
- RE: Network IDS Robert.Lupo (Aug 21)
- Re: Network IDS Gary Flynn (Aug 21)
- RE: Network IDS Steffen Kluge (Aug 25)