IDS mailing list archives
Re: Is IDS/IPS worthless?
From: Michael Stone <mstone () mathom us>
Date: Tue, 24 Feb 2004 22:42:07 -0500
On Tue, Feb 24, 2004 at 11:35:47AM -0500, Xiaoyong Wu wrote:
admin behind the IDS/IPS devices have to be considered. Without a skillful security guy looking at the outputs from the IDS/IPS, the IDS/IPS is almost worthless as a monitoring device without real peoplelooking at the monitors.
Far less so, really. A closed circuit TV with a tape loop is useful even if nobody looks at it, because the log is a handy thing to have after an event has happened. An unmaintained IDS isn't even that useful because it won't have up-to-date signatures and won't have any knowledge ofevolving protocols.
If you step back a little bit this discussion is somewhat amusing--the choir talking amongst themselves about the absolute need for a strong tenor section, even for a one-man-band. Comments like "IDS is essential" just don't make sense. Is IDS essential in some environments? Sure. But for a small business that doesn't even have a full time IT guy it's a silly proposition. Even at a not-so-small business IT dollars are finite and there really just might not be money for IDS--the choice might be "guy to watch IDS" or "guy to install patch". Are such sites evil cancers that should be cut off the net? No, of course not. In the real world there are risks and there are mitigations and sometimes it takes a hard call to determine where to put resources. IDS dogma (or anti-IDS dogma) isn't a path to a reasonable solution. Mike Stone --------------------------------------------------------------------------- ---------------------------------------------------------------------------
Current thread:
- RE: Is IDS/IPS worthless?, (continued)
- RE: Is IDS/IPS worthless? Duston Sickler (Feb 24)
- RE: Is IDS/IPS worthless? Omar Herrera (Feb 23)
- Re: Is IDS/IPS worthless? Michael Stone (Feb 23)
- Re: Is IDS/IPS worthless? Andy Cuff (Feb 23)
- Re: Is IDS/IPS worthless? Mike Hoskins (Feb 23)
- Re: Is IDS/IPS worthless? Olaf Gellert (Feb 23)
- Re: Is IDS/IPS worthless? SecurIT Informatique Inc. (Feb 23)
- Re: Is IDS/IPS worthless? Olaf Gellert (Feb 23)
- Re: Is IDS/IPS worthless? SecurIT Informatique Inc. (Feb 23)
- Re: Is IDS/IPS worthless? Xiaoyong Wu (Feb 24)
- Re: Is IDS/IPS worthless? Michael Stone (Feb 25)
- Re: Is IDS/IPS worthless? SecurIT Informatique Inc. (Feb 23)
- Re: Is IDS/IPS worthless? Mike Hoskins (Feb 23)
- RE: Is IDS/IPS worthless? Martin (Feb 23)