Re: IDS is dead, etc
From: Sam f. Stover <sstover(at)iwc.sytexinc.com>
Date: Fri Aug 08 2003 - 12:19:21 EDT
Ok - I'll bite... Are you talking platonic perfect or worldly perfect? If you mean platonic perfect, I'll agree, but given your statement below, I think you mean perfect with regard to a properly configured network, i.e., possible in the "real" world. How does this address 0-day attacks on services that weren't previously vulnerable? Granted, a string-searching IDS might not help you there, but a true protocol-based IDS like NFR might alert you to something that wasn't an issue before you implemented your "perfect" firewall.

I guess my real question is how to keep your firewall perfect? The instant you drop it in place, you'll have to stay ahead of every hacker out there to keep it perfect... And an IDS is a great tool to assist in that pursuit. Maybe I'm picking nits, but I've always thought of an IDS as a great passive device that will always be there to sniff your traffic for when something new pops up...

> But given suitable systems configuration, it is possible to have a
Also, isn't every IDS implementation an educational tool to some degree?

SfS
S.f.Stover
sstover@iwc.sytexinc.com
This archive was generated by hypermail 2.1.8 : Wed Aug 23 2006 - 14:01:16 EDT