funsec mailing list archives
RE: so, is I[dp]S a STUPID technology?
From: "Young, Keith" <Keith.Young () montgomerycountymd gov>
Date: Tue, 11 Oct 2005 18:56:25 -0400
True, no solution is perfect, but Paul - why won't you use your IDS/IPS budget, and the time you spent configuring and installing it, in running a vulnerability scanner at regular basis (automatically, hopefully) and install a decent patch management system to make sure your systems are up to date? I'm not trying to be argumentative - I'm seriously trying to understand the logic. I must be missing something here.
There are two examples off the top of my head that vulnerability scanners and patching alone won't solve: 1) 0-day xpl0!tz (see today's eEYE publications) and/or slow vendor reaction time (see recent Oracle thread on this list). I would hope that at least for the recent Oracle holes, the IDS/IPS vendors already have good signatures to detect/prevent these. 2) if your security does fail for whatever reason, your IDS/IPS devices will probably show you some hints as to how the box was initially rooted. These logs could also be useful for criminal prosecution or a good beating with a metal ruler. I also don't trust any business speculators that don't get their fingers dirty every once in a while... --Keith Keith Young, Security Official Department of Technology Services Montgomery County, Maryland phone - (240) 777-2955 _______________________________________________ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
Current thread:
- RE: so, is I[dp]S a STUPID technology?, (continued)
- RE: so, is I[dp]S a STUPID technology? Kyle Quest (Oct 11)
- lalala [was: Re: so, is I[dp]S a STUPID technology?] Gadi Evron (Oct 11)
- Re: lalala [was: Re: so, is I[dp]S a STUPID technology?] Valdis . Kletnieks (Oct 11)
- lalala [was: Re: so, is I[dp]S a STUPID technology?] Gadi Evron (Oct 11)
- RE: so, is I[dp]S a STUPID technology? Kyle Quest (Oct 11)
- Re: so, is I[dp]S a STUPID technology? Roland Dobbins (Oct 11)
- IPS as anti ddos???? [was: Re: so, is I[dp]S a STUPID technology?] Gadi Evron (Oct 11)
- RE: so, is I[dp]S a STUPID technology? Kyle Quest (Oct 11)
- Re: so, is I[dp]S a STUPID technology? Roland Dobbins (Oct 11)
- RE: so, is I[dp]S a STUPID technology? Kyle Quest (Oct 11)
- Re: so, is I[dp]S a STUPID technology? Roland Dobbins (Oct 11)
- RE: so, is I[dp]S a STUPID technology? Young, Keith (Oct 11)
- RE: so, is I[dp]S a STUPID technology? Kyle Quest (Oct 11)
- Re: so, is I[dp]S a STUPID technology? Roland Dobbins (Oct 11)
- RE: so, is I[dp]S a STUPID technology? Dave Hawkins (Oct 11)
- RE: so, is I[dp]S a STUPID technology? Kyle Quest (Oct 13)
- RE: so, is I[dp]S a STUPID technology? Kyle Quest (Oct 11)