IDS mailing list archives
Re: IDS vs Application Proxy Firewal
From: Damiano Bolzoni <damiano.bolzoni () utwente nl>
Date: Tue, 28 Oct 2008 16:04:11 +0100
Omar Herrera wrote:
The reason why white listing doesn't work is not because it is overly complex but because it requires us to do things properly starting from the way we do business and design our systems and applications. It does take time and requires that we know our assets and business functions to set permissions,.
IMHO here you're making a quite strong (and wrong) assumption: you assume that software will always work as you expect it to do. Should that be the case, you would be able to predict everything and the whitelist approach would work. Unfortunately, in 35 years of C programming, people haven't learnt yet how to avoid buffer overflows (this example applies to any other vulnerability you like). Yes, the whole intrusion detection (and prevention in particular) game is "just" a big attempt to "patch" bugged systems...clearly, this patching process cannot be perfect (and never will). Cheers -- Damiano Bolzoni damiano.bolzoni () utwente nl Homepage http://dies.ewi.utwente.nl/~bolzonid/ PGP public key http://dies.ewi.utwente.nl/~bolzonid/public_key.asc Skype ID: damiano.bolzoni () utwente nl Distributed and Embedded Security Group - University of Twente P.O. Box 217 7500AE Enschede, The Netherlands Phone +31 53 4892477 Mobile +31 629 008724 ZILVERLING building, room 3013 ------------------------------------------------------------------------ Test Your IDS Is your IDS deployed correctly? Find out quickly and easily by testing it with real-world attacks from CORE IMPACT. Go to http://www.coresecurity.com/index.php5?module=Form&action=impact&campaign=intro_sfw to learn more. ------------------------------------------------------------------------
Current thread:
- Re: IDS vs Application Proxy Firewal alfredhuger () winterhope com (Oct 24)
- Re: IDS vs Application Proxy Firewal Damiano Bolzoni (Oct 27)
- Re: IDS vs Application Proxy Firewal Omar Herrera (Oct 27)
- Re: IDS vs Application Proxy Firewal Stefano Zanero (Oct 28)
- Re: IDS vs Application Proxy Firewal Omar Herrera (Oct 28)
- Re: IDS vs Application Proxy Firewal Stefano Zanero (Oct 28)
- Re: IDS vs Application Proxy Firewal Ashish Kamra (Oct 29)
- Re: IDS vs Application Proxy Firewal Stefano Zanero (Oct 29)
- RE: IDS vs Application Proxy Firewal Kamra, Ashish (Oct 29)
- Re: IDS vs Application Proxy Firewal Stefano Zanero (Oct 29)
- Re: IDS vs Application Proxy Firewal Omar Herrera (Oct 27)
- Re: IDS vs Application Proxy Firewal Damiano Bolzoni (Oct 27)
- Re: IDS vs Application Proxy Firewal Damiano Bolzoni (Oct 28)
- Re: IDS vs Application Proxy Firewal Arian J. Evans (Oct 28)
- Re: IDS vs Application Proxy Firewal Omar Herrera (Oct 28)
- Re: IDS vs Application Proxy Firewal Arian J. Evans (Oct 29)