Re: IDS is dead, etc

Bennett,

I think we are on the same page as to the utility of IDS systems.

Where we differ is in our estimation of the level of vulnerability of software that is "known" to be good and secure. Over the course of the summer I've been given more insight into the gray and black hat world. The number of systems that are backdoored -- today, and the number of non-public vulnerabilities and exploits is slightly disturbing.

Perhaps the most disturbing is that the bar is really only raised for the script kiddies; they never posed a substantial risk anyway.

I really like your description of NIDS as AV scanners for the network.   That's classic. Although, some will argue that the more behavioral oriented NIDS have moved past that point. *shrug* A good NIDS is an invaluable tool for network managers. But, a NIDS is not the security "solution" that they are marketed as.

Regards,
scottwimer

Bennett Todd wrote:
> 2003-08-08T12:37:24 Scott Wimer:

>>The assumption that human beings can design, write, and install 
>>software without error is WRONG.

-- 
Scott M. Wimer, CTO                      Cylant
www.cylant.com                           121 Sweet Ave.
v. (208) 883-4892                        Suite 123
c. (208) 301-0370                        Moscow, ID 83843
There is no Security without Control.


---------------------------------------------------------------------------
Captus Networks - Integrated Intrusion Prevention and Traffic Shaping  
 - Instantly Stop DoS/DDoS Attacks, Worms & Port Scans
 - Automatically Control P2P, IM and Spam Traffic
 - Ensure Reliable Performance of Mission Critical Applications
Precisely Define and Implement Network Security and Performance Policies
**FREE Vulnerability Assessment Toolkit - WhitePapers - Live Demo
Visit us at: 
http://www.captusnetworks.com/ads/31.htm
---------------------------------------------------------------------------

Do you need help?

In addition to our free technical library, Pantek provides professional IT services to companies who utilize Open Source software: Learn more about Pantek's Technical Support offerings Place an order for 24/7/365 Technical Support here Learn more about Pantek, who we are, and what we do Chat with a Live Operator Related securityfocus.com Links bugtraq certification focus-bsd focus-ids focus-ih focus-linux focus-ms focus-sun focus-unix-other focus-virus forensics incidents libnet linux-secnews ms-secnews pen-test secpapers secprog sectools secureshell security-basics securityjobs sf-news vuln-dev webappsec Request more information about Pantek