Frank,
Sometimes it may not be possible to patch critical servers simply
because you can't afford the downtime or you don't know if the patches
would break other critical applications or software. So if you know
the vulnerability and the way it can be exploited, you can protect it
till you can find time to patch it. Nothing wrong in this approach. I
am assuming this is what Lucid means by VM.
Z
On 6/7/05, Frank Knobbe <frank@knobbe.us> wrote:
On Sun, 2005-06-05 at 03:39 -0400, Vikram Phatak wrote:
The biggest knock I've heard about VM is that it doesn't actually
"protect" anything since it is not patching vulnerablities.
I think this single line shows the biggest problem in the security
industry, the need to protect vulnerabilities. Instead of adding layers
to protect the bag of vulnerabilities, we should open the bag and remove
the vulnerabilities one by one.
The term vulnerability management is equally flawed. We should not at
all "manage" vulnerabilities, but "identify" and "eradicate" them.
The whole notion of keeping vulnerabilities around is just flawed...
... and I wonder if IPSes just foster the complacency to accept and live
with vulnerabilities...
Cheers,
Frank
BodyID:1871399.2.n.logpart (stored separately)
--------------------------------------------------------------------------
Test Your IDS
Is your IDS deployed correctly?
Find out quickly and easily by testing it with real-world attacks from
CORE IMPACT.
Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708
to learn more.
--------------------------------------------------------------------------
