[funsec] so, is I[dp]S a STUPID technology?
Roland Dobbins
rdobbins at cisco.com
Tue Oct 11 16:16:28 CDT 2005
Yes, I've found microanalytical technologies such as IDS to be very
useful on large networks when a) alerted to an issue by a
macroanalytical technology such as flow-based anomaly-detection and
then drilling down and b) used for forensics and analysis
after-the-fact.
On Oct 11, 2005, at 1:57 PM, Blue Boar wrote:
> Aviram Jenik wrote:
>
>> See, this is what I don't get. I can understand the bored people
>> (sorry Gadi) who want to log and monitor who attacks them and why.
>> I _can't_ understand the busy people who are actually protecting
>> their network, spending their time and money on silly IDS solutions.
>>
>
> So after you have had a successful intrusion, you really really
> wish that you had some logs to help tell you what happened. An IDS
> can provide some of those. Ideally, one closer to the original
> concept of NFR.
>
> Or perhaps you work for a group that requires investigating all
> attempts, and it becomes a survival technique to reduce those as
> much as possible. ;)
>
> Ryan
> _______________________________________________
> Fun and Misc security discussion for OT posts.
> https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
> Note: funsec is a public and open mailing list.
>
-------------------------------------------------------------------
Roland Dobbins <rdobbins at cisco.com> // 408.527.6376 voice
UNIX was not designed to stop you from doing stupid things, because
that would also stop you from doing clever things.
-- Doug Gwyn