IDS mailing list archives
Re: Network IDS
From: "Stephen P. Berry" <spb () meshuggeneh net>
Date: Thu, 28 Aug 2003 19:42:57 -0700
Andrew Plato writes:
1. I think ISS's NIDS is great, but when it comes to interfacing with OPSEC, I get queasy with that idea. I have a philosophical problem with an independent system writing rules into another system. It's asking for problems. Every time I see this implemented, it gets messed up somehow and either doesn't block when it should, or blocks the wrong things. Maybe it's just because everyone who I've worked with that did this is lame. Nevertheless, the OPSEC connection always sounds better as a concept than it does when it's actually implemented.
I know what you mean. In my experience, using a NIDS is a lot like reading USENET: I've learned a lot of interesting and valuable things that I wouldn't have learned otherwise...but nevertheless the overwhelming bulk of it ranges from the useless to the outright insane. So if you're relying on an IPS for policy based routing, I guess the analogy would be to instantly obey all suggestions you read on USENET. My assumption is that this would get you arrested or dead in fairly short order (although potentially with significantly enhanced genital dimensions). Maybe it's just me.

Most of the time I'm worried about whether or not my NIDS is clever enough that I'm willing to let it page me, much less let it handle routing. Has someone managed to solve the false positive problem while I've been hidden away writing ornate and useless statistical analysis code?

-spb