IDS mailing list archives
RE: IDS is dead, etc
From: "Security Conscious" <mail () security-conscious com>
Date: Mon, 11 Aug 2003 12:56:23 -0400
Imho, a perfectly implemented firewall is one that optimally enforces the access control policy of the organization. Unfortunately many companies' access control policies require allowing insecure and/or potentially vulnerable protocols into the network for e-commerce, office productivity, etc. I don't see this changing anytime soon.

How does this relate to IDS is Dead? When companies open themselves up to risk, they should audit what they cannot control (prevent). I look at IDS as an extension of the audit function and when the SEC stops requiring companies to audit their financial statements, I'll believe IT can stop auditing their networks and systems.

Chris Petersen
President/CTO
Security Conscious, Inc.
(703) 873-4739 (direct)
(301) 523-1989 (mobile)
chris () security-conscious com
www.security-conscious.com
-----Original Message-----
From: Scott Wimer [mailto:scottw () cylant com]
Sent: Friday, August 08, 2003 2:15 PM
To: Bennett Todd
Cc: Barry Fitzgerald; Tom Arseneault; 'Mark Tinberg'; 'Paul Schmehl'; focus-ids () securityfocus com
Subject: Re: IDS is dead, etc

Bennett,

Here's the quote about perfectly implemented firewalls that I think is germane. Hopefully I'm not taking it out of context:

"A perfectly implemented firewall allows no protocols through for which there are vulnerable implementations inside. That means it's impossible to implement a perfect firewall if you're going to allow Windows users to have internet access."

I may very well be putting words in your mouth (for which I apologize) when I write about the silliness of expecting that any protocol will be implemented vulnerability free -- on any platform.

Bennett Todd wrote:
> I've heard of one device that I can believe can alert on a heretofore
> totally unknown exploit. Not all of 'em, of course, but some. That's
> Mazu Networks's enforcer/profiler gizmos. I myself wouldn't call 'em
> an IDS, I think they're something different, much more valuable, and
> their IDS functionality is the smallest part of what they're good at.
> To my tastes, their host classification and "what-if" modelling are
> the really hot capabilities. If they were as affordable as an IDS,
> then I think they'd help bolster your claim, but they really are
> something else and different.

After a brief review of Mazu's Profiler and Enforcer docs, I'm curious how it handles attacks that come in via encrypted means.

I'm not convinced that a NIDS can be more than a network management tool. With the caveat for things like floods of various types. From what I've seen, to detect and respond to all categories of exploits in a timely manner requires some sort of defense mechanism implemented at the host. This prejudice may come from the work we do on host based IPS systems though. But, it's the only way I've seen to reliably stop exploits whether they are previously known or not.

Regards,
scottwimer

--
Scott M. Wimer, CTO
Cylant
www.cylant.com
121 Sweet Ave., Suite 123
Moscow, ID 83843
v. (208) 883-4892
c. (208) 301-0370
There is no Security without Control.