funsec mailing list archives

RE: so, is I[dp]S a STUPID technology?


From: "Young, Keith" <Keith.Young () montgomerycountymd gov>
Date: Tue, 11 Oct 2005 18:56:25 -0400


True, no solution is perfect, but Paul - why won't you use your IDS/IPS 
budget, and the time you spent configuring and installing it, in running a 
vulnerability scanner on a regular basis (automatically, hopefully) and install 
a decent patch management system to make sure your systems are up to date? 

I'm not trying to be argumentative - I'm seriously trying to understand the 
logic. I must be missing something here. 

There are two examples off the top of my head that vulnerability scanners and patching alone won't solve: 
        1) 0-day xpl0!tz (see today's eEye publications) and/or slow vendor reaction time (see recent Oracle thread on this list). I would hope that at least for the recent Oracle holes, the IDS/IPS vendors already have good signatures to detect/prevent these.

        2) if your security does fail for whatever reason, your IDS/IPS devices will probably show you some hints as to how the box was initially rooted. These logs could also be useful for criminal prosecution or a good beating with a metal ruler. 

I also don't trust any business speculators that don't get their fingers dirty every once in a while... 

--Keith 


Keith Young, Security Official 
Department of Technology Services 
Montgomery County, Maryland 
phone - (240) 777-2955 


_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.

