funsec mailing list archives

Re: so, is I[dp]S a STUPID technology?


From: Roland Dobbins <rdobbins () cisco com>
Date: Tue, 11 Oct 2005 14:16:28 -0700


Yes, I've found microanalytical technologies such as IDS to be very useful on large networks when a) alerted to an issue by a macroanalytical technology such as flow-based anomaly-detection and then drilling down and b) used for forensics and analysis after-the-fact.

On Oct 11, 2005, at 1:57 PM, Blue Boar wrote:

Aviram Jenik wrote:

See, this is what I don't get. I can understand the bored people (sorry Gadi) who want to log and monitor who attacks them and why. I _can't_ understand the busy people who are actually protecting their network, spending their time and money on silly IDS solutions.


So after you have had a successful intrusion, you really really wish that you had some logs to help tell you what happened. An IDS can provide some of those. Ideally, one closer to the original concept of NFR.

Or perhaps you work for a group that requires investigating all attempts, and it becomes a survival technique to reduce those as much as possible. ;)

                    Ryan
_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.


-------------------------------------------------------------------
Roland Dobbins <rdobbins () cisco com> // 408.527.6376 voice

UNIX was not designed to stop you from doing stupid things, because
that would also stop you from doing clever things.

                      -- Doug Gwyn