IDS mailing list archives
RE: IDS and Spywares
From: "Omar A. Herrera" <omar.herrera () oissg org>
Date: Sat, 15 Oct 2005 09:59:28 +0100
Hi Frank,
-----Original Message-----
From: Frank Knobbe [mailto:frank () knobbe us]
Sent: Saturday, October 15, 2005 9:26 AM

Same way IDS, HIDS, Antivirus all are protecting the networks, hosts at different layers... Leaving the Network administrators with least administrative work...

Well, it seems that they are all failing then, since spyware, worms, and viruses are still making their rounds! Airlines still suffer outages from Internet worms, as do car manufacturers (to name just a few recent high profile cases). And it seems we don't trust those added layers either, since we're still nervous on every patch Tuesday with fears of worms for the announced vulnerabilities.

As for leaving admins with admin work, that doesn't seem to be justified if they are spending more and more time administrating all those gadgets that are getting bolted on to protect the rotten cores, including applying patches to the security products which themselves are vulnerable to the same issues they are trying to prevent in the first place.

Yeah, call me a purist and laugh at me for throwing up the caution flag every chance I get, but someone has to :) If no one raises concerns about the industry getting out of control, then we might just believe that all is well and continue blissfully towards our doom.
Sorry for that, Frank. I was too quick to answer and should have picked better words (it was not my intention to offend or attach a label to you). We all do understand your point. I just wanted to say that it is very difficult to reach security with that approach (which is correct, nonetheless) :-).

Now talking seriously, there exist products that implement security shells within what we consider more insecure systems by design. Also, HIPSes with a whitelist approach tend to take this approach as well, which is why I defend these particular solutions a lot. I agree that they are still patches, since the solution is not integrated within the operating system, where it should be. But these kinds of patches tend to get us closer to the best technical solutions available (that you pointed out).

As for your forecast, I personally believe that enough pressure is mounting so that creators of those operating systems start implementing more effective security solutions within the O.S. before we reach doom. But it might still be too early to tell which one will be right, and I really hope it is me :-)

Kind regards,

Omar Herrera