IDS mailing list archives
Re: Low cost HID based IDS system
From: "George W. Capehart" <gwc () capehassoc com>
Date: Tue, 27 May 2003 08:24:40 -0400
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Thursday 22 May 2003 11:27 pm, Sekurity Wizard wrote:
It's a matter of economics, and yes, a false sense of security is worse than a sense of insecurity. Your customer need to be educated that they are NOT covered in a way an MSSP would...but then if they're that small they're probably not business-critical in terms of their systems. We need to make clear distinctions here - lest we forget that money is still short out there today. I see budgets cut constantly...and security isn't a piece of IT that can show a definite "benefit" over a defined period. You can say to your client "you could have been hacked and x, y, and z, could have happened"...but then the client will undoubtedly come back to you with..."sure, but we haven't had IDS for years...we've had problems but we've always dealt with them - so no business-ending loss"....make sure you understand the proper way to rebut that. We keep arguing the same points over and over - and some of you folks miss the point entirely. Snort is great, and I love that it's out there - but it'll only catch what you configure it to look for...simple. You need to have an onion, folks. Firewall-->"IDS/IPS"-->network is how it should always go...at very least. And last but certainly not least - think about this point for a second... Everything is broken down to acceptable risk - what's your client willing to accept in a cash vs. results bargain?
IMHO, these are two very important points. Defense in depth is a cornerstone of a good security architecture. For those who would like to have information to which they can point when they talk about it to their customers, Google has for a good selection of information, some of it better than others. A good reference/intro is at the SANS Institute: http://www.sans.org/rr/securitybasics/defense.php . . . A more in-depth discussion can be found at: http://www.dodccrp.org/diwCh15.htm. As Sekurity Wizard pointed out, the concept is easier to sell once "the customer" has gone through a thorough risk assessment and really understands the threats to which he/she is exposed and the cost/impact of not protecting against them . . . But then, in my experience, it's harder to sell some customers on the risk assessment than it is "point solutions." :-> My $0.02. /g - -- George W. Capehart "With sufficient thrust, pigs fly just fine . . ." -- RFC 1925 -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.7 (GNU/Linux) iD8DBQE+01kUPhMbfSg3fpARAh3pAJ9wFFcXfAspwn+TeCNxVhej+8tEDgCgu2t6 4HEbje9Ow5LVIUWMivv2NDo= =e73J -----END PGP SIGNATURE----- ------------------------------------------------------------------------------- INTRUSION PREVENTION: READY FOR PRIME TIME? IntruShield now offers unprecedented Intrusion IntelligenceTM capabilities - including intrusion identification, relevancy, direction, impact and analysis - enabling a path to prevention. Download the latest white paper "Intrusion Prevention: Myths, Challenges, and Requirements" at: http://www.securityfocus.com/IntruVert-focus-ids2 -------------------------------------------------------------------------------
Current thread:
- Re: Low cost HID based IDS system, (continued)
- Re: Low cost HID based IDS system dreamwvr () dreamwvr com (May 16)
- Re: Low cost HID based IDS system Krzysztof Zaraska (May 16)
- RE: Low cost HID based IDS system Zach Forsyth (May 20)
- RE: Low cost HID based IDS system Paul Schmehl (May 20)
- Re: Low cost HID based IDS system Dick Li (eBits Limited) (May 22)
- RE: Low cost HID based IDS system Paul Schmehl (May 20)
- Re: Low cost HID based IDS system Andrew Plato (May 20)
- Re: Low cost HID based IDS system SecurIT Informatique Inc. (May 20)
- RE: Low cost HID based IDS system Alan Shimel (May 20)
- RE: Low cost HID based IDS system Schmehl, Paul L (May 20)
- RE: Low cost HID based IDS system Sekurity Wizard (May 26)
- Re: Low cost HID based IDS system George W. Capehart (May 27)
- RE: Low cost HID based IDS system Zach Forsyth (May 27)