Pantek Library

RE: Low cost HID based IDS system

From: Paul Schmehl <pauls(at)utdallas.edu>
Date: Tue May 20 2003 - 16:49:22 EDT

I'm a big believer in open source. I use snort, nessus, nmap, etc. daily. I run snort on FreeBSD. I'm writing to you on a RedHat box. I don't think that I missed your point. I was trying to point out to you that the cost of a service isn't *just* the equipment or software you have to provide. You need to think about that carefully, or you will burn yourself out trying to help your customers.

As one who monitors our network I can tell you that while snort is free, installing it, configuring it, keeping it up to date and *monitoring it* is not. It's nice to have the technology in place, but I *do* have to sleep from time to time, and when I'm sleeping the bad guys are not.

You're absolutely right that something is better than nothing. I'm just trying to warn you to not get your customers' hopes up too high. Unless you can monitor 24/7/365 you *will* miss attacks. They need to know that. They need to understand that the *best* model is one where they get 24/7/365 coverage. What you're thinking about offering them is *useful*, but it needs to be taken in context.

I am *not* saying that what you're thinking about doing is a bad idea. I *am* saying that you need to be realistic regarding your and your customers' expectations and you need to think about how much putting this system together will cost you. I'm sure you don't consider your time as free. How much are you willing to "spend" to put together a system? And how long will it take you to recover that cost?

--On Monday, May 19, 2003 10:21:01 AM +1000 Zach Forsyth <Zach.Forsyth@kiandra.com> wrote:

> Paul,

Paul Schmehl (pauls@utdallas.edu)
Adjunct Information Security Officer
The University of Texas at Dallas
AVIEN Founding Member
http://www.utdallas.edu





Received on Tue May 20 17:03:53 2003

This archive was generated by hypermail 2.1.8 : Wed Aug 23 2006 - 14:01:12 EDT

