|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
Subject: Re: False Sense of Security?
From: Harris, Tim (tharris
OCAIR.COM)Date: Thu Nov 16 2000 - 12:20:27 CST
- Next message: Ron Gula: "Re: ATM IDS solutions"
- Previous message: Henry Luciano: "Re: False Sense of Security?"
- Maybe in reply to: Jacob Martinson: "False Sense of Security?"
- Next in thread: Joe Shaw: "Re: False Sense of Security?"
- Maybe reply: Harris, Tim: "Re: False Sense of Security?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
I view the detection of exploit attempts as serving two important functions.
First, gathering evidence that we are a target. This can be used to
demonstrate to management that it is worth spending the time and effort to
keep the systems up to date. If no one ever attempts to break in, then why
bother with updates? This is analogous to living in many rural areas where
people never lock their doors. On the other hand, I live in a high crime
area where vigilance pays off.
Second, I can double check the work of others. I had a vendor that
installed a system. They had improperly locked it down and it was hacked
within a few days. My IDS told me about the attempt and I was able to go
beat up the vendor and make them reload the machine and do it right this
time.
-----Original Message-----
From: Jacob Martinson [mailto:jmartinsonAPERIAN.COM]
Sent: Thursday, November 16, 2000 6:48 AM
To: FOCUS-IDSSECURITYFOCUS.COM
Subject: False Sense of Security?
>What is the real purpose in detecting exploit attempts?
- Next message: Ron Gula: "Re: ATM IDS solutions"
- Previous message: Henry Luciano: "Re: False Sense of Security?"
- Maybe in reply to: Jacob Martinson: "False Sense of Security?"
- Next in thread: Joe Shaw: "Re: False Sense of Security?"
- Maybe reply: Harris, Tim: "Re: False Sense of Security?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]