IDS mailing list archives
Re: IDS vs Application Proxy Firewal & OT list bouncing
From: "Arian J. Evans" <arian.evans () anachronic com>
Date: Mon, 27 Oct 2008 13:29:10 -0700
Good points, inline:

On Fri, Oct 24, 2008 at 3:02 PM, alfredhuger () winterhope com <alfredhuger () winterhope com> wrote:
> Arian,
>
>> Anyway, that said, the behavioral realm is begging to be explored more. I'm surprised none of the vendors have touched it. It seems so promising.
>
> They have, the problem is in finding market applicability.
Yes, but I have seen little to no progress in the mainstream WAF vendors. And to be fair: they have much more immediate problems to solve right now with their current approaches.

But market viability has already been proven. In fact there was one success in the behavioral "WAF/IDS" arena few in the security community are aware of. A product called "Business Signatures" executed quite well in this problem domain -- though ostensibly not for the purpose of being a WAF -- and was acquired by Entrust a few years ago. They had some large and very happy clients I worked with:

http://www.networkworld.com/news/2006/071906-entrust.html

They took a behavioral learning approach, and had excellent functionality that could be leveraged for security after a fashion. I am unsure how Entrust has/will execute with this technology... but they must also have seen the promise here to move it from a webapp business-rules flow-enablement tool to spin it in a security-focused direction.
>> ps -- unsure if this will make the list. Security Focus has randomly blocked me from some lists but not others, and I have been unable to get the SF list-server admins to respond to email about this for almost TWO YEARS now for some reason.
>
> For a guy who is obviously quite intelligent I'm surprised you've not sorted this one out yet. Your posts are certainly well thought out and you clearly understand your space well. The gating factor for you (or more precisely, your posts) is that you litter your posts with frenetic vitriol. In an otherwise fantastic post you make two cheap (albeit possibly true) shots at vendors in the app firewall/ids space and then follow up with a coup de grace at the site you're posting through. All of this and you're surprised your posts fail and the moderators ignore you?
<OT>

I would understand if moderation were the problem. My messages get rejected by the server configs on less than half the SF lists (which the moderators do not control). I've had moderators trying to get my posts involved in dialogue on those lists and are unable to do so because of what appears to be the SF list-server admins.

I have contributed quite productively to the SF list community for many years, but at this point I've kind of thrown up my hands. After two years you probably would too, Alfred.

I have a guess at the technical problem. I know what changed on my end when the issue started. A simple reply on whether or not SF is willing to accept certain mail header configs would suffice.

nota bene: I only take shots at vendors with vitriol if I can support my statements with facts and real-world examples, and I have written the vendor off in a given problem-domain. In most cases it is intended for comic relief (mine) and it is up to the reader to choose to appreciate that or not. The vendors are competing for the dollars of folks reading this list and since it is hard to find competent, qualified information on emerging technologies (or really any since the IT Product Review industry is dead since print media died) this is a great medium place for punchy statements.

I am aware of and certainly respect SF's business case for advertising revenue that would lead them not to encourage advertiser denigration or emotional flame wars devoid of fact.

But that's not the issue here. I am pretty sure it is a simple server config issue that is a 5 minute discussion. I like others who have been impacted by this have simply taken our dialogue elsewhere, which is why the list traffic has died off on some lists I suspect.

As for my opinions on vendors, well.... I have been wrong before. By contributing my opinions to the public forum I ask that you put them under your protection, and allow I may be wrong, YMMV, and I might need to change my opinion in the future.
In turn I will both always support the right of anyone in this public dialogue to do the same, and back up my claims as needed with reasonable matters of fact and existence,

--
--
Arian J. Evans.
Solipsistic Software Security Sophist