[funsec] so, is I[dp]S a STUPID technology?

Young, Keith Keith.Young at montgomerycountymd.gov
Tue Oct 11 17:56:25 CDT 2005

> True, no solution is perfect, but Paul - why won't you use your IDS/IPS
> budget, and the time you spent configuring and installing it, in running a
> vulnerability scanner on a regular basis (automatically, hopefully) and install
> a decent patch management system to make sure your systems are up to date?
> I'm not trying to be argumentative - I'm seriously trying to understand the
> logic. I must be missing something here.

There are two examples off the top of my head that vulnerability scanners and patching alone won't solve:
        1) 0-day xpl0!tz (see today's eEye publications) and/or slow vendor reaction time (see recent Oracle thread on this list). I would hope that at least for the recent Oracle holes, the IDS/IPS vendors already have good signatures to detect/prevent these.

        2) if your security does fail for whatever reason, your IDS/IPS devices will probably show you some hints as to how the box was initially rooted. These logs could also be useful for criminal prosecution or a good beating with a metal ruler.

I also don't trust any business speculators that don't get their fingers dirty every once in a while... 


Keith Young, Security Official 
Department of Technology Services 
Montgomery County, Maryland 
phone - (240) 777-2955 
