[Dailydave] lots of monkeys staring at a screen....security?

Gadi Evron ge at linuxbox.org
Fri Oct 27 12:24:00 Local tim 2006


On Fri, 27 Oct 2006, Joanna Rutkowska wrote:
> Dave Korn wrote:
> /.../
> >   Second point is: defense in depth.  It's an extra barrier.  You don't /not/
> > run an AV just because someone can write a custom virus it won't detect.  You
> > run simple and automated systems that can deal with the 90% of threats that
> > are easily managed in order to free up valuable /human/ resource to look into
> > the 10% that really do need to be understood.  It does /work/; it's just that,
> > when working, it only has a limited role to fill and is not a
> > one-stop-shop-one-size-fits-all-be-all-and-end-all-turnkey-security-solution.
> > 
> 
> Nobody says it needs to be a one-size-fits-all solution - it's just that
> there is a difference between something which is capable of
> detecting/preventing only a bunch of *known* exploits vs. something
> which is capable of preventing a known *class* of attacks...
> 
> joanna.

Enough people here know about how IDSs don't live up to nearly any
expectations, or how they... do? I personally don't believe in them in any
way; I would implement them once I am done with a lot of other security
measures.

Now, if I am to look at what they give me vs. another box for compromising
which sits in a critical location... I am not sure what choice I'd make.

For some reason, people equate Intrusion Detection to IDS devices. IDS
devices are signature based and try to detect bad behaviour using, erm, a
sniffer or equivalent.

Intrusion detection is everything which will help detect an intrusion. IDS
won't, unless it's too late, and it will keep you busy while you're at it.

	Gadi.