| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
From: peter at trusteddebian.org (Peter Busser) Subject: The usefullness of IDSes (Was: Re: Is Marty Lying?) Hi! > "Detect intrusions" - if you can set an IDS signature for something, then > you shouldn't be vulnerable to it. So the functionality of IDS is to tell > you when you've been compromised by six-month old public vulnerabilities > that dvdman has finally gotten his hands on an exploit for, that you never > bothered to patch for? > > Useless. And what if you use an IDS for checking a security policy? E.g. if you have a special server that is only used by the accounting department and you set up rules to detect connections to that server coming from other departments? Or to monitor port scanning probes on the network. A system shouldn't be vulnerable to a probe. But it could mean the prelude to an attack. Of course these things could be detected by other means as well. Groetjes, Peter Busser -- The Adamantix Project Taking trustworthy software out of the labs, and into the real world http://www.adamantix.org/
Powered by blists - more mailing lists