lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <003001cb0189$5962ddf0$0c2899d0$@com>
Date: Tue, 1 Jun 2010 14:52:51 +0200
From: "Cor Rosielle" <cor@...post24.com>
To: "'Nelson Brito'" <nbrito@...ure.org>
Cc: full-disclosure@...ts.grok.org.uk
Subject: Re: Why the IPS product designers concentrate
	on	server side protection? why they are missing client protection

Nelson,

> You're missing one point: Host IPS MUST be deployed with any Network
> Security (Firewalls os NIPSs).
Please be aware this is a risk decision and not a fact. I don't use an host IPS and no anti Virus either. Still I'm sure my laptop is perfectly safe. This is because I do critical thinking about security measures and don't copy behavior of others (who often don't think for themselves and just copies other peoples behavior). Please note I'm not saying you're not thinking. If you did some critical thinking and an host IPS is a good solution for you, then that's OK> It just doesn't mean it is a good solution for everybody else and everybody MUST deploy an host IPS.

> No security solution/technology is the miracle protection alone, 
That's true.

> so that's the reason everybody is talking about defense in depth.
Defense in depth is often used for another line of a similar defense mechanism as the previous already was. Different layers of defense works best if the defense mechanism differ. So if you're using anti virus software (which gives you an authentication control and an alarm control according to the OSSTMM), then an host IDS is not the best additional security measure (because this also gives you an authentication and an alarm control).
This would also be a risk decision, but based on facts and the rules defined in the OSSTMM and not based on some marketing material. You should give it a try.
 
Regards,
Cor Rosielle

w: www.lab106.com

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ