|
|
Focus on IDS
Re: NIPS Vendors explicit answer Apr 23 2004 09:36PM Vikram Phatak (vphatak lucidsecurity com) (2 replies) Re: NIPS Vendors explicit answer Apr 26 2004 08:28PM Ron Gula (rgula tenablesecurity com) (1 replies) |
|
Privacy Statement |
Frank Knobbe wrote:
...[snip]...
> IDSes are Intrusion Detection Systems. Why do we need to detect
> something that we know exists? In my opinion we should focus our efforts
> on detecting the *unknown* events, not the known ones. I argue that you
> are looking the wrong way :)
...[snip]...
Just to clarify, we still need IDSes to monitor *known* attack patterns,
so as to make-up for the inadequacies of firewall products/systems. As
many of us know, it's easier to sniff out malicious attacks against
different network applications, than asking the firewall vendor to
secure protocols other than HTTP or SMTP or FTP (for example). And yes,
we also know that once an IDS picks up an attack, it may already be too
late --but hey, better late than never.
Drexx Laggui
Asia-Pacific Region
------------------------------------------------------------------------
---
------------------------------------------------------------------------
---
[ reply ]