Re: IDS is dead, etc

2003-08-08T12:37:24 Scott Wimer:
> The assumption that human beings can design, write, and install
> software without error is WRONG.

No disagreement there. I don't presume software without error.

I do maintain, however, that by combining tight configuration control with complete abstinance from known-bad software, you can raise the barrier sufficiently high that the attacks that succeed will be so wildly new and out of left field that your IDS would be no more help than your firewall. IDSes detect known problems; they're the "anti-virus scanners" of the network.

Given such a setting, an IDS is still a great idea, as an educational tool, but it's not helping to tighten your protections, because it won't alarm on anything that succeeds.

-Bennett

Do you need help?

In addition to our free technical library, Pantek provides professional IT services to companies who utilize Open Source software: Learn more about Pantek's Technical Support offerings Place an order for 24/7/365 Technical Support here Learn more about Pantek, who we are, and what we do Chat with a Live Operator Related securityfocus.com Links bugtraq certification focus-bsd focus-ids focus-ih focus-linux focus-ms focus-sun focus-unix-other focus-virus forensics incidents libnet linux-secnews ms-secnews pen-test secpapers secprog sectools secureshell security-basics securityjobs sf-news vuln-dev webappsec Request more information about Pantek