[Cialug] Intrusion Detection/Prevention

Josh More morej at alliancetechnologies.net
Mon Dec 12 09:36:04 CST 2005


Personally, I think that IDS systems are helpful, not because they help
you detect intrusions, but because the processes you have to go through
to set them up correctly force you to identify how your network operates.
True security is in understanding and minimizing risk.  This can only be
done (IMO) through constant analysis and correction.  An IDS can be
likened to the canary in the coal mine.  If you try to work outside of
procedure (which will likely create a problem down the road), the IDS
will scream at you until you fix the IDS.  Hopefully, you also have
enough discipline to fix your network docs at the same time.
 
An IPS system, however, seems to be marketed from a standpoint of
you don't have to understand your systems, because this little box
will make all your problems go away.  I view these systems to be
little better than electronic snake oil that make it easy to ignore
risk.  Risk should either be eliminated or accepted.  If you ignore it,
you just create problems for yourself later.
 



-- 
-Josh More, RHCE, CISSP, NCLP 
morej at alliancetechnologies.net 
515-245-7701

>>>smith at ipmvs.com 12/09/05 2:55 pm >>>

What does everyone think about Intrusion Detection/Prevention software
systems and products?

Anyone use anything?  I'm not sold on the concept - maybe I don't
understand it.  If you lock everything down it shouldn't be an issue
should it?  Don't you want to know about new attacks that were/are
successful?

-Nate



Cialug mailing list
Cialug at cialug.org
http://cialug.org/mailman/listinfo/cialug
