Re: Recent anti-NIDS Gartner article

Mike Blomgren wrote:
> If IDS is the looser, and a firewall is the solution - then why do we

To folow the analogy: cameras record things that locks can't stop. A camera/NIDS with humans paying good attention to it can recognize things like somebody breaking a window, loitering suspiciously, etc.

No matter how good your door locks may be, it still won't stop someone from bringing in a vehicle(tank) as a battering ram. or doing something as breaking a window to get access (had that happen to me twice!). Not to mention the use of a lockpick.

With a good recording system (with or without human intervention) they can sometimes provide infomation on the identity, methods and intentions of an intruder. This can be useful either for filing later charges or simply determining what needs to be fixed to prevent a recurrence.

Firewalls can prevent some of the more obvious attacks, but a well-tuned NIDS could also recognize things like suspicious outgoing connections and malicious web/ftp sites. Those are kinds of attacks that the firewall paradigm isn't really designed to handle well.

-- 
Stephen Samuel +1(604)876-0426                samuel@bcgreen.com
		   
http://www.bcgreen.com/~samuel/
    Powerful committed communication. Transformation touching
        the jewel within each person and bring it to life.


-------------------------------------------------------------------------------
Attend the Black Hat Briefings & Training, July 28 - 31 in Las Vegas, the 
world's premier technical IT security event! 10 tracks, 15 training sessions, 
1,800 delegates from 30 nations including all of the top experts, from CSO's to 
"underground" security specialists.  See for yourself what the buzz is about!  
Early-bird registration ends July 3.  This event will sell out. www.blackhat.com
-------------------------------------------------------------------------------