IDS mailing list archives

Re: IPS, alternative solutions


From: Jason Haar <Jason.Haar () trimble co nz>
Date: Thu, 16 Sep 2004 13:08:56 +1200

On Wed, Sep 15, 2004 at 03:47:28PM -0400, Jason wrote:
I would be seriously interested in an ROI that can demonstrate savings.

The simple question is how is inline packet scrubbing easier and more 
cost effective than patching?

It isn't.

I think the business community is starting to realise that in this Microsoft
dominated world, we can no longer exclusively rely on "external"
infrastructure like firewalls and NIDS to protect our machines - we have to
make our machines more secure.

The advent of Windows Updates and SUS are signs that Microsoft is listening
and learning. Of course I could rant on at length about the *culture* of
Windows being the much harder nut to crack (local admin privs anyone?), but
it's moving in the right direction.

Firewalls and NIDS are obviously good to have (required isn't probably too
strong a word), but once you have a good, working and productive "network
protection" infrastructure in place, your security gaze rightfully falls
back on those darn Windows boxes again...

In the medium term our company going down the Network Admission Control route:
don't allow a machine onto the corporate network unless it has been VETOED
by the network as being patched, up to date, etc. Interestingly, this
"network solution" reinforces my point - it's all about bring consistency
and security standards to the end-user PC...

-- 
Cheers

Jason Haar
Information Security Manager, Trimble Navigation Ltd.
Phone: +64 3 9635 377 Fax: +64 3 9635 417
PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE1D 66D1

--------------------------------------------------------------------------
Test Your IDS

Is your IDS deployed correctly?
Find out quickly and easily by testing it with real-world attacks from CORE IMPACT.
Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708 to learn more.
--------------------------------------------------------------------------


Current thread: