<html>
<head>
<style type="text/css">
<!--
body { margin-left: 4px; line-height: normal; margin-right: 4px; margin-bottom: 1px; margin-top: 4px; font-variant: normal }
-->
</style>
</head>
<body style="margin-left: 4px; margin-right: 4px; margin-bottom: 1px; margin-top: 4px">
<DIV> Personally, I think that IDS systems are helpful, not because they help you
</DIV>
<DIV>detect intrusions, but because the processes you have to go through to
</DIV>
<DIV>set them up correctly force you to identify how your network operates.
</DIV>
<DIV>True security is in understanding and minimizing risk. This can only be
</DIV>
<DIV>done (IMO) through constant analysis and correction. An IDS can be
</DIV>
<DIV>likened to the canary in the coal mine. If you try to work outside of
</DIV>
<DIV>procedure (which will likely create a problem down the road), the IDS
</DIV>
<DIV>will scream at you until you fix the IDS. Hopefully, you also have enough
</DIV>
<DIV>discipline to fix your network docs at the same time.
</DIV>
<DIV> </DIV>
<DIV>An IPS system, however, seems to be marketed from a standpoint of
</DIV>
<DIV>"you don't have to understand your systems, because this little box
</DIV>
<DIV>will make all your problems go away". I view these systems to be
</DIV>
<DIV>little better than electronic snake oil that make it easy to ignore risk.
</DIV>
<DIV>Risk should either be eliminated or accepted. If you ignore it, you just
</DIV>
<DIV>create problems for yourself later.
</DIV>
<DIV> </DIV>
<DIV><br><br><br>-- <br>-Josh More, RHCE, CISSP, NCLP <br> morej@alliancetechnologies.net <br> 515-245-7701<br><br>>>>smith@ipmvs.com 12/09/05 2:55 pm >>><br><br>What does everyone think about Intrusion Detection/Prevention software<br>systems and products?<br><br>Anyone use anything?  I'm not sold on the concept - maybe I don't understand<br>it.  If you lock everything down it shouldn't be an issue should it?  Don't<br>you want to know about new attacks that were/are successful?<br><br>-Nate<br><br><br><br>Cialug mailing list<br>Cialug@cialug.org<br>http://cialug.org/mailman/listinfo/cialug<br> </DIV>
</body>
</html>