[funsec] so, is I[dp]S a STUPID technology?

Roland Dobbins rdobbins at cisco.com
Tue Oct 11 16:16:28 CDT 2005


Yes, I've found microanalytical technologies such as IDS to be very  
useful on large networks when a) alerted to an issue by a  
macroanalytical technology such as flow-based anomaly-detection and  
then drilling down and b) used for forensics and analysis after-the-fact.

On Oct 11, 2005, at 1:57 PM, Blue Boar wrote:

> Aviram Jenik wrote:
>
>> See, this is what I don't get. I can understand the bored people  
>> (sorry Gadi) who want to log and monitor who attacks them and why.  
>> I _can't_ understand the busy people who are actually protecting  
>> their network, spending their time and money on silly IDS solutions.
>>
>
> So after you have had a successful intrusion, you really really  
> wish that you had some logs to help tell you what happened.  An IDS  
> can provide some of those.  Ideally, one closer to the original  
> concept of NFR.
>
> Or perhaps you work for a group that requires investigating all  
> attempts, and it becomes a survival technique to reduce those as  
> much as possible. ;)
>
>                     Ryan

-------------------------------------------------------------------
Roland Dobbins <rdobbins at cisco.com> // 408.527.6376 voice

UNIX was not designed to stop you from doing stupid things, because
that would also stop you from doing clever things.

                       -- Doug Gwyn

