IDS mailing list archives

Re: Network IDS


From: Barry Fitzgerald <bkfsec () sdf lonestar org>
Date: Wed, 27 Aug 2003 09:38:10 -0400

Andreas Krennmair wrote:


> This analogy is flawed - network intrusion detection systems can't be
> seen. That's the big difference to the light in the house or the
> explosives.

You misread my analogy - that was precisely my point:

The "light/explosive" analogy was for local machine defense software or IPS. The fact that the IDS system isn't observed is what gives it its value.

My analogy isn't flawed - you simply misread it.

> How is your system protected when the exploit succeeds and is detected
> by the NIDS? Your system is compromised. The only thing where NIDS could
> be interesting is to record all attacks and to separate the known
> exploits from the unknown ones. That is, IMHO, the only really useful
> way NIDS could be used.


How is your system protected if you're compromised and have no detection system in place?

      -Barry




