[funsec] so, is I[dp]S a STUPID technology?
Keith.Young at montgomerycountymd.gov
Tue Oct 11 17:56:25 CDT 2005
> True, no solution is perfect, but Paul - why won't you use your IDS/IPS
> budget, and the time you spent configuring and installing it, in running a
> vulnerability scanner on a regular basis (automatically, hopefully) and installing
> a decent patch management system to make sure your systems are up to date?
> I'm not trying to be argumentative - I'm seriously trying to understand the
> logic. I must be missing something here.
There are two examples off the top of my head that vulnerability scanners and patching alone won't solve:
1) 0-day xpl0!tz (see today's eEye publications) and/or slow vendor reaction time (see the recent Oracle thread on this list). I would hope that at least for the recent Oracle holes, the IDS/IPS vendors already have good signatures to detect/prevent these.
2) if your security does fail for whatever reason, your IDS/IPS devices will probably show you some hints as to how the box was initially rooted. These logs could also be useful for criminal prosecution or a good beating with a metal ruler.
I also don't trust any business speculators that don't get their fingers dirty every once in a while...
Keith Young, Security Official
Department of Technology Services
Montgomery County, Maryland
phone - (240) 777-2955
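An added example (my own code, not Keith's and not from any product mentioned in the thread) of the complementary use the post argues for: IDS alerts are triaged against the patch inventory that the scanner/patch-management side maintains. An alert whose target lacks the fix is the urgent one, an alert whose signature has no vendor fix yet is the 0-day case the first point describes, and an alert against a patched box is kept as the forensic trail the second point describes. The alert lines, signature ids, patch ids and inventory are all constructed placeholders, and the alert format is only a rough imitation of a Snort-style "fast" alert line.

```python
import re
from dataclasses import dataclass

# Constructed IDS alert lines (sample data, not real alerts); the shape loosely
# follows a Snort-style fast alert: "[gid:sid:rev] message [**] ... src:port -> dst:port".
SAMPLE_ALERTS = """\
10/11-17:56:25.000001 [**] [1:9000001:1] CONSTRUCTED Oracle listener overflow attempt [**] [Priority: 1] {TCP} 192.0.2.10:44321 -> 198.51.100.5:1521
10/11-17:56:26.000002 [**] [1:9000002:1] CONSTRUCTED MSRPC overflow attempt [**] [Priority: 1] {TCP} 192.0.2.10:44322 -> 198.51.100.6:135
10/11-17:56:27.000003 [**] [1:9000003:1] CONSTRUCTED unknown-payload probe [**] [Priority: 2] {TCP} 192.0.2.10:44323 -> 198.51.100.5:8080
"""

# Hypothetical mapping: signature id -> patch that closes the hole.
# None means no vendor fix exists yet (the 0-day / slow-vendor case).
SIG_TO_PATCH = {
    "1:9000001:1": "PLACEHOLDER-ORACLE-PATCH",
    "1:9000002:1": "PLACEHOLDER-MSRPC-PATCH",
    "1:9000003:1": None,
}

# Hypothetical patch-management inventory: host -> set of patches applied.
PATCH_INVENTORY = {
    "198.51.100.5": set(),                        # Oracle box, nothing applied yet
    "198.51.100.6": {"PLACEHOLDER-MSRPC-PATCH"},  # already patched
}

# Extract signature id, message text, source IP and destination IP.
ALERT_RE = re.compile(
    r"\[(\d+:\d+:\d+)\] (.*?) \[\*\*\].*?"
    r"(\d+\.\d+\.\d+\.\d+):\d+ -> (\d+\.\d+\.\d+\.\d+):\d+"
)


@dataclass
class Finding:
    target: str   # destination host of the alert
    sig_id: str   # gid:sid:rev of the matching signature
    message: str  # signature message text
    verdict: str  # triage outcome, see triage()


def parse_alert(line):
    """Return (sig_id, message, src, dst) for one alert line, or None if unparseable."""
    m = ALERT_RE.search(line)
    if m is None:
        return None
    return m.groups()


def triage(alert_text, sig_to_patch, inventory):
    """Combine IDS alerts with patch state so each alert gets a defender's verdict."""
    findings = []
    for line in alert_text.splitlines():
        parsed = parse_alert(line)
        if parsed is None:
            continue
        sig_id, message, _src, dst = parsed
        if sig_id not in sig_to_patch:
            verdict = "unmapped-signature"      # nobody has tied this rule to a fix yet
        elif sig_to_patch[sig_id] is None:
            verdict = "no-patch-available"      # 0-day: only the IDS/IPS can see this
        elif sig_to_patch[sig_id] in inventory.get(dst, set()):
            verdict = "patched-target"          # keep for the forensic trail
        else:
            verdict = "unpatched-target"        # exposed host under attack: act now
        findings.append(Finding(dst, sig_id, message, verdict))
    return findings


def summarize(findings):
    """Count findings per verdict, which is what a daily report would show."""
    counts = {}
    for f in findings:
        counts[f.verdict] = counts.get(f.verdict, 0) + 1
    return counts


if __name__ == "__main__":
    for f in triage(SAMPLE_ALERTS, SIG_TO_PATCH, PATCH_INVENTORY):
        print(f"{f.verdict:<20} {f.target:<15} {f.sig_id} {f.message}")
    print(summarize(triage(SAMPLE_ALERTS, SIG_TO_PATCH, PATCH_INVENTORY)))
```

Run as-is it prints one verdict per constructed alert; in practice the inventory would be fed from the patch-management system and the signature-to-patch map from the IDS vendor's rule metadata, and the "patched-target" entries are the ones worth retaining even when no action is needed.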