Re: so, is I[dp]S a STUPID technology?

[Blue Boar <BlueBoar () thievco com>]

Paul Schmehl wrote:
> You''re not understanding.  I don't have a *useful* vulnerability 
> scanner. When I say "useful", what I mean is: a scanner that can be 
> scheduled to do routine scans of my address space.  To scan for the SANS 
> 20 across my entire network takes the better part of a day.  To do that 
> routinely means that one day of *every* week is taken up scanning for 
> that alone.  Why that's going on, any other scans will be queued.  So I 
> can't do "spot" scans with that tool.
>
> The IPS is updated very regularly, automatically, without me having to 
> do anything except review the report to ensure nothing is being blocked 
> that I don't want blocked.

Am I allowed to abuse the list for market research purposes?

Paul, in theory, is an agent-based system useful to you for these 
purposes?  So that all the boxes can check themselves, and report in 
continually?

(Yes I work for such a vendor, which I won't mention here, because I'm 
really not trying to make a veiled sales pitch.  Yes, we fall easily 
outside of Paul's budget requirement, and no, we don't easily solve the 
problem of random unauthorized Debian boxes popping up.)

                                                BB
_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.