[Dailydave] lots of monkeys staring at a screen....security?
Halvar Flake
halvar at gmx.de
Fri Oct 27 15:23:26 Local tim 2006
In this entire IDS debate, I would like to recommend reading an old
blog post from FX:
http://www.phenoelit.net/lablog/paradigms/weglassen.sl
Security by weglassen --> Security by omission.
I still agree with the concept of replacing an IDS with just a large
quantity of tapes on which to archive all traffic. IDSs will never alert
you to an attack-in-progress, and by just dumping everything onto a disk
somewhere you can at least do a halfway-decent forensics job thereafter.
Since everybody and his dog is doing cryptoshellcode these days you won't
be all-knowing, but at least you should be able to properly identify which
machine got owned first.
Cheers,
Halvar