Message-ID: <57886.199.91.33.254.1064277445.squirrel@redrazor.net>
From: pdt at jackhammer.org (pdt@...khammer.org)
Subject: Is Marty Lying?

So I hate to bring this up but this comment is borderline on the idiotic
side...  A quick google search on the meaning of IDS would have explained
to you what IDS means.  In case that isn't something you are versed in I
have done the hard work for you:
http://www.sans.org/resources/idfaq/what_is_id.php

And if for some reason were google to go away and you once again had to
think and figure out what things meant by building on the meanings you
could take a quick trip out to dictionary.com or grep a dead tree and
figure out the meaning.

intrusion:
n 2: entrance by force or without permission or welcome

detection:
n 1: the perception that something has occurred or some state exists

system:
n 1: a group of independent but interrelated elements comprising a unified
whole

So... let's put those together shall we?  The descriptions above would make
me think that IDS means a group of detection mechanisms that can sniff out
intruders.  For someone to be an intruder they have to take action that
would intrude.  So yes, the damage has been done.

    The best analogy I have heard is echoed by a post that just showed up
in my inbox.  It doesn't seem very useless to have security cameras
pointing at bank vaults and keeping an eye on priceless art and on the
entry points and exit points leading to those vaults and national
treasures.  That way we can go back later and say ok, how did they get
the money and who the h$ll was it?
    I don't know about you but I am glad those cameras don't have guns
mounted on them to go ahead and shoot anybody trying to steal the
money.  What happens if they get confused and kill some poor booger
just trying to go to his safety deposit box?  Granted my example
wouldn't make me very sad, but there are some people that I don't want
to see go out the way of the dodo.

Anyhow, long story short IPS != IDS and booger == CISSP == further drives
the point home that certs are useless.



> "Detect intrusions" - if you can set an IDS signature for something, then
> you shouldn't be vulnerable to it.  So the functionality of IDS is to tell
> you when you've been compromised by six-month old public vulnerabilities
> that dvdman has finally gotten his hands on an exploit for, that you never
> bothered to patch for?
>
> Useless.
>
> -----------------------------------------------------------
> "Whitehat by day, booger at night - I'm the security snot."
> - CISSP / CCNA / A+ Certified - www.unixclan.net/~booger/ -
> -----------------------------------------------------------
>
> On Mon, 22 Sep 2003, Gregory A. Gilliss wrote:
>
>> Peter:
>>
>> Intrusion Detection systems are designed to detect intrusions. Period.
>> No one AFAIK has yet developed the Intrusion Prediction system. If you
>> have an alpha version lying around, pls respond with a link. I'm sure
>> that you will quickly be deluged with download requests =;^)
>>
>> Reactive is the nature of the beast, a point that has been rehashed many
>> many times here and elsewhere. No finite state machine can anticipate or
>> detect the virus that I am right now writing, unless I foolishly make part
>> of the binary match an existing sig. There will *always* be a latency
>> between action and response. One of the things that people on this list
>> do is attempt to assist each other in minimizing that latency.
>>
>> Now, if we could only get some of the vendors onboard >-)
>>
>> G
>>
>> On or about 2003.09.22 21:23:52 +0000, Peter Busser
>> (peter@...steddebian.org) said:
>>
>> > Hi!
>> >
>> > > > 3) Why the fuck do people still think signature-based IDS is worthwhile?
>> > > Give us another solution. Are you saying anomaly based ids signatures are
>> > > _worthwhile_?
>> >
>> > The problem with IDS systems is the same problem that currently available
>> > virus scanners have: They work reactive and not proactive.
>> >
>> > Making machines harder to break into and improve ways to enforce a security
>> > policy (e.g. by using Mandatory Access Control (MAC)) would be one way to
>> > proactively deal with security.
>>
>> --
>> Gregory A. Gilliss, CISSP          Telephone: 1 650 872 2420
>> Computer Engineering               E-mail: greg@...liss.com
>> Computer Security                  ICQ: 123710561
>> Software Development               WWW: http://www.gilliss.com/greg/
>> PGP Key fingerprint 2F 0B 70 AE 5F 8E 71 7A 2D 86 52 BA B7 83 D9 B4 14 0E 8C A3
>>
>> _______________________________________________
>> Full-Disclosure - We believe in it.
>> Charter: http://lists.netsys.com/full-disclosure-charter.html
>>
>

