Pantek Library
Hosting Provided By
CybrHost
High Speed Hosting
Mailing Lists: securityfocus.com > focus-ih > 03 > 030006.html (Request Expert securityfocus.com Support)

RE: Handling new vulnerabilities like WebDav - SUMMARY

From: Mike Alexander <mike.alexander(at)mail.moray.gov.uk>
Date: Thu Mar 27 2003 - 05:20:24 EST


Patrik,

I agree entirely with what you say. IDSs are but one link in the chain that forms the security defences that a company can build, but like firewalls they should not be seen as the be all and end all of a corporate security system.

Good systems management and awareness of the risks are what is required, not a blind faith in technology. IDSs are useful in alerting the network/security/systems manager to unusual activity, but I share your view about the "proactive IDS" and the potential for carrying out a DoS attack through what could be nothing more than a port scan.

However these sorts of "active IDS" products appeal to a level of management who don't understand the real risks and seem to think that security is something that you can buy in and is delivered in a large box - the "silver bullet" that you refer to. It's not. I believe that this notion arises from some senior managers having an inability to understand that security should be a layered approach, with integration between a number of difference products/areas.

But now I am also preaching to the converted! ;-)

Regards,

Mike 

Mike Alexander      Email: mike.alexander@moray.gov.uk
ICT Project Leader    Tel: 01343 563445   Fax: 01343 563221
The Moray Council     Web: 
http://www.moray.gov.uk
___________________________________________________________
"He is your friend, your partner, your defender, your dog. You are his life, his love, his leader. He will be yours, faithful and true, to the last beat of his heart. You owe it to him to be worthy of such devotion." -Anon.
  • The Moray Council: Internet E-mail Notice ********

The contents of this e-mail and any attachments ('this e-mail') are confidential and intended solely for the addressee. If this e-mail has been sent to you by mistake, please notify postmaster@moray.gov.uk as soon as possible; you should then delete this e-mail from your computer. Received on Thu Mar 27 11:51:55 2003

Do you need help?X

This archive was generated by hypermail 2.1.8 : Wed Aug 23 2006 - 14:01:18 EDT

Contact Us  Legal Notices  Order Services Online 
Pantek Home  Privacy Policy  IT news  Site Map  Pantek Library