Hosting Provided By

RE: Changes in IDS Companies?

From: Kohlenberg, Toby <toby.kohlenberg(at)intel.com>
Date: Wed Nov 13 2002 - 04:38:01 EST

Actually, I'll have to respectfully disagree. There are many systems that run in various environments where for one reason or another you simply can't patch them immediately (or in some bad cases, any time soon), in those cases, you absolutely want to implement protective measures (firewalling, changes in configuration (if possible), isolation, etc...) but those situations are exactly the sort of place where a GIDS _would_ be useful and appropriate. While it isn't the ideal or final solution (removing the vulnerability would be that), it is a reasonable interim solution to manage the risk until a real solution can be implemented.

As any sysadmin can tell you, sometimes the patch is worse than the vulnerability. Downtime from a bad patch can be just as bad or worse than downtime from a compromise. :)

All opinions are my own and in no way reflect the views of my employer.

Toby

> -----Original Message-----
> From: Dominique Brezinski [mailto:dom@decru.com]
> Sent: Tuesday, November 12, 2002 2:29 PM
> To: detmar.liesen@lds.nrw.de; focus-ids@securityfocus.com
> Subject: Re: Changes in IDS Companies?
>
>
> For a smart-ass response, see below....
Received on Wed Nov 13 12:21:39 2002

This message: [ Message body ]
Next message: Gary Golomb: "Re: Changes in IDS Companies?"
Previous message: Jill Tovey: "which IDS"
In reply to Dominique Brezinski: "Re: Changes in IDS Companies?"
Next in thread: Hemant Ramnani: "IDS for DataBase Systems."
Reply: Hemant Ramnani: "IDS for DataBase Systems."
Reply: Gary Golomb: "Re: Changes in IDS Companies?"

Contemporary messages sorted: [ By Date ] [ By Thread ] [ By Subject ] [ By Author ] [ By messages with attachments ]

This archive was generated by hypermail 2.1.8 : Wed Aug 23 2006 - 14:01:04 EDT