Re: IDS is dead, etc

Bennet,

Here's the quote about perfecty implemented firewalls that I think is germain. Hopefully I'm not taking it out of context:

	"A perfectly implemented firewall allows no protocols
	through for which there are vulnerable implementations
  	inside. That means it's impossible to implement a
	perfect firewall if you're going to allow Windows
	users to have internet access."

I may very well be putting words in your mouth (for which I appologize) when I write about the silliness of expecting that any protocol will be implemented vulnerability free -- on any platform.

Bennett Todd wrote:

> I've heard of one device that I can believe can alert on a

After a brief review of Mazu's Profiler and Enforcer docs, I'm currious how it handles attacks that come in via encrypted means.

I'm not convinced that a NIDS can be more than a network management tool. With the caveat for things like floods of various types. From what I've seen, to detect and respond to all categories of exploits in a timely manner requires some sort of defense mechanism implemnted at the host. This prejudice may come from the work we do on host based IPS systems though. But, it's the only way I've seen to reliably stop exploits whether they are previously known or not.

Do you need help?

In addition to our free technical library, Pantek provides professional IT services to companies who utilize Open Source software: Learn more about Pantek's Technical Support offerings Place an order for 24/7/365 Technical Support here Learn more about Pantek, who we are, and what we do Chat with a Live Operator Related securityfocus.com Links bugtraq certification focus-bsd focus-ids focus-ih focus-linux focus-ms focus-sun focus-unix-other focus-virus forensics incidents libnet linux-secnews ms-secnews pen-test secpapers secprog sectools secureshell security-basics securityjobs sf-news vuln-dev webappsec Request more information about Pantek

Regards,
scottwimer

-- 
Scott M. Wimer, CTO                      Cylant
www.cylant.com                           121 Sweet Ave.
v. (208) 883-4892                        Suite 123
c. (208) 301-0370                        Moscow, ID 83843
There is no Security without Control.


---------------------------------------------------------------------------
Captus Networks - Integrated Intrusion Prevention and Traffic Shaping  
 - Instantly Stop DoS/DDoS Attacks, Worms & Port Scans
 - Automatically Control P2P, IM and Spam Traffic
 - Ensure Reliable Performance of Mission Critical Applications
Precisely Define and Implement Network Security and Performance Policies
**FREE Vulnerability Assessment Toolkit - WhitePapers - Live Demo
Visit us at: 
http://www.captusnetworks.com/ads/31.htm
---------------------------------------------------------------------------