Subject: Why bother with IDS (was Re: False Sense of Security?)
From: Bennett Todd (bet RAHUL.NET)
Date: Thu Nov 16 2000 - 12:58:52 CST
- In reply to: Jacob Martinson: "False Sense of Security?"

2000-11-16-09:48:17 Jacob Martinson:
> What is the real purpose in detecting exploit attempts?

There's no one real purpose. There's a range of them, some of which
are really valid and appropriate in some settings, and of course
some of which are bogus:-).

Lemme offer a couple of valid ones, without any claim that this is
an exclusive list.

(1) Suppose you had an environment where users were in a position to
    positively demand access to a protocol which you could not
    adequately secure. It might, hypothetically, be possible to
    detect at least some attacks being propagated over that protocol
    even if you weren't in a position to fix the implementation,
    e.g. because it was built on proprietary systems.

(2) If someone is running an attack against you, perhaps you want to
    know it. If you have a very simple and very paranoid perimeter,
    then ignoring all attacks is often good sense, I do that in a
    lot of places. But if you have a really complicated and hairy
    perimeter, with loads of complexity where you might have made a
    config error, then by setting off alarms on the attacks that
    fail, you might be able to watch things a little closer and
    improve the odds of your noticing a successful attack quicker.
    This is the early-warning-system argument.

(3) Security is a business risk management proposition. Security
    costs money, both directly in purchasing hardware and software
    and paying the salaries of the people to configure and maintain
    them, and indirectly in the loss of convenience or performance
    or functionality, wherever you draw your balance line. By
    documenting the attacks which your current perimeter is
    successfully repelling, you may be in a better position to
    justify its continued existence.

I'll let others pitch in with other examples, my imagination is
getting pooped:-).

-Bennett