[Dailydave] lots of monkeys staring at a screen....security?
Kevin Johnson
kjohnson at secureideas.net
Sat Oct 28 13:40:02 Local tim 2006
On Oct 27, 2006, at 10:30 AM, Dave Aitel wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Making IDS part of a defense in depth strategy is giving it some
> credit for actually providing defense, which it doesn't do. The people
> who win the IDS game are the people who spend the least money on it.
> This is why security outsourcing makes money - it's just as worthless
> as maintaining the IDS yourself, but it costs less. Likewise, Snort is
> a great IDS solution because it does nothing but it does it cheaper.
>
Part of any defense is the ability to detect when things fail. I think that
we want to throw out technology because it doesn't do everything. I see
every day systems being attacked by simplistic old attacks that IDS systems
can warn you about. Is it the best solution? No. I actually don't think it is a
solution all by itself.
I think that saying something is great because it does nothing cheaper
is a ridiculous line intended to irritate instead of addressing the issue.
> The technology curve is towards complex, encrypted, asynchronous
> protocols. The further into time you look, the worse the chances are
> that sniffing traffic is an answer to anything.
So what is your answer? I learned a long time ago that saying something
didn't work without giving a better solution was a game played by people
who wanted to appear smarter than they are. And I know that doesn't fit you,
so what is the solution?
>
> The market is slowly realizing this technology's time has passed, but in
> the meantime lots of people are making giant bus-loads of cash. Good
> for them. But IDS technology isn't relevant to a security discussion
> in this day and age and it's not going to be anytime soon.
Again, I think this is an extremist view that doesn't have a place in
reality. <grin>
People are going to make boatloads of cash, I wish I was included, and most
times a company deploying IDS' aren't going to do it right and that needs to
change. But this doesn't invalidate the technology.
>
> imho,
> - -dave
Just my opinion. But you might want to check out
http://taosecurity.blogspot.com/2006/10/response-to-daily-dave-thread.html
which is a much better write up than I could ever do.
Kevin