Network Security Focus-IDS

Re: IDS vs. IPS deployment feedback

Subject: Re: IDS vs. IPS deployment feedback
Date: Mon, 17 Apr 2006 19:42:25 -0700
I completely agree. If you are doing anomaly/heuristics based detection then you would need to have a baseline.

Just in my own experience (*points at the bags under the eyes*), I don't really bother with IDS/IPS. Others I work with still do and that is fine, but it is a full time job to chase ghosts. To each their own. :)

I sleep better knowing I audit my stuff and lock things down. It actually kills several birds with one stone (ASPCA won't like that analogy). I find things that I did not know people installed. I fix sysadmin boo-boos and can further document what is running where. It also helps me find ahead of time applications that were not coded well and cannot withstand a lightweight audit. I can then work with developers to improve their applications and dig deeper into application security. This in my not so humble opinion is a more efficient approach, as it catches weaknesses that network devices cannot predict or safely negate without impacting business flow.

But hey, selling network devices means more money changing hands and more jobs so I won't complain. Funny money is still money. :)

--Aaron



On Sun, 16 Apr 2006 17:31:37 +0200
 Stefano Zanero <zanero@elet.polimi.it> wrote:
Aaron wrote:
To add to (or take away) from this thread, I would further mention that
IDS/IPS regardless of make or implementation, will only see the past,
not the future.

You may wish to notice that this is true, but a problem only for misuse
based devices. Anomaly based devices, on the contrary, use the past as a
way to detect anomalies into the future, and therefore are less
sensitive to the zero-day/unforeseen attack problem.


Stefano

------------------------------------------------------------------------
Test Your IDS

Is your IDS deployed correctly?
Find out quickly and easily by testing it with real-world attacks from CORE IMPACT.
Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708 to learn more.
------------------------------------------------------------------------



