hi mouss,
> to change the thread direction, I'd say that I don't like IDS for the
> following reasons:
> - it seems to me more natural to use our energy to fix systems than to
> watch for who is
> trying to come inside.
hmm.. sometimes they can remind us that we need to be vigilant IMHO..
> - I do not think IDS has been valuable to make progress in security
> software dev. hackers
not sure if i understand what your saying here .. actually not sure what
you mean exactly to comment sorry. But let me say this IMHO IDS is
another toolset for SEC personell to allow them to do their job.
better? perhaps.. perhaps not. it is sort of a friend if you like a
'familiar' for lack of a better term. If your network is 1000s of systems
it is rather pleasant that you have a friend to let you know what is
occuring that you don't really feel like dealing with IMHO. is it a
magic bullet? NO.. that is where the [B] [R] [A] [I] [N] comes in and
experience as it is always the best teacher. If you have a fluid
IDS system it will flow over the terrain ever so semi-intelligently
which is about all one can really hope for.. Then if you can
append to what it scrutinizes well you have a pretty good system AFAIK.
> have finally been more helpful (though this was not their intent).
> - I am not aware of any "mathematically serious" IDS product (yes,
> mathematically serious is hard
> to define, but I guess it is easy to understand). those I heard of are a
> kind of elaborate grep extensions.
hmmm.. well no matter how high the math goes you still need someone to
interpret what you think is interesting IYKWIM..
> In my opinion, intrusion detection should be left to some specialized
> companies. I mean that we should
..And keep the masses from having a early|RT warning system?
i..would have to disagree as if the Internet is going to evolve
then consumers need the ability to obtain IDS systems that fit their
needs large or small. Just like one has locks and safes .. there appears
to be a 'real' demand for alarms. This is where IMHO the alarm co will
impact IDS as they see some flaws in the existing mindset and are
suggesting changes according to what they believe they need.
They do have experience @ the physical layer on alarms after all.
(A unwelcome visitor is always a unwelcome visitor..) Even though
they don't know the etherworld they have some suggestions from
experience to throw into the pot.
> not buy IDS prducts, but merely call these guys to audit our net, to run
> their tools from time to time, ...
IMHO Security is a 24/7 way of life..
> as intrusion detection is still based on skill, not on discipline (ie I
> doubt that someone who is enough
> disciplined to click buttons would find the same things that a skilled
> hole-finder would).
I would agree push button solutions are rather like watered down wine;-))
IDS will doubtfully ever eclipse those who eat,drink, and sleep security.
it needs to be their passion.. i can think of some that fit this catagory.
(how many ppl are on this list;-)) there will always be those who are
add water or wine:-)) YMMV experts because they own a copy of
'pick a product'. But what makes the world go round is all kinds.
..and 'nobody' hee..hee..hee is strong in everything. That is what is
empowering about this list we all can exchange our opinions FWIW.
everyone has @ least 1. if you sift through the stream everyone has
something to say. with the exceptions of lurkers but they too make
a statement by saying nothing actually;-))
> I am convinced that I am biased, so I say it now before getting lamed to
> death: this is just an opinion,
> nothing more.
Opinion is a good thing actually something i usually appreciate as it
get awfully quite talking to oneself. Remember before 'black monday' ?
now that was quite.. some places anyhow..
> On the other side, since IDS help some nice guys get money from stupid
> customers, there is a benefit to the human race.
> As Dilbert goes, 90% of the customers are stupid and give you money, and
> 10% are smart and give you ideas
> (I forgot the exact wording, but it's something like that).
hmm.. well i am not sure i would say stupid .. more like not inexperienced.
We all started somewhere.. Myself i still remember when the first Dist of
Slackware came out and well did i have a lot to learn;-)) I still do..
Best Regards,
[EMAIL PROTECTED]
> regards,
> mouss
--
Reuters, London, February 29, 1998:
Scientists have announced discovering a meteorite which will strike the
earth in March, 2028. Millions of UNIX coders expressed relief for being
spared the UNIX epoch "crisis" of 2038.
_______________________________________________________________________
************** DREAMWVR.COM - TOTAL INTERNET SERVICES ****************
TOTAL DESIGN - DEVELOPMENT - INTEGRATION - SECURITY - Click Here..
<http://www.dreamwvr.com/services/MAX_SEC.html>;
DREAMWVR.COM - The Console of Many... 90 Topics Covered
<http://www.dreamwvr.com/dynamicduo.html>;
<mailto:[EMAIL PROTECTED]>;
->> LINUX Solution Provider and North American Distributor<<-
"===0 PGP Key Available
*************** "As Unique as the Company You Keep."*****************
"If anyone speaks from DREAMWVR.COM its certainly not me:-)"
________________________________________________________________________
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
