Ok, this whole thread deserves my feedback. I'm sure a great deal of people
here in this forum have sat down at their computer one day in a REALLY bad
mood and ended up getting a question that they don't think on before
responding.. nor thinking properly about the response that they are
posting.. That is the responsibilities and issues faced when participating
in public forums. I do stand strongly behind my post, although it left a
great deal in the dark, I do still believe it to be true. I do however,
regret the way I chose my words.
The problem here was that someone had posted how great the NFR IDS was, when
in fact, I have a long history of problems with it that this forum is
obviously not aware of. On top of that, I sat in on a 1-2 hour big slap in
the face session by Marcus Ranom to BUGTRAQ, all open disclosure mailing
lists in existence, and every other security professional that I know. As we
all in a group sat their with jaws dropped to the ground as he spoke, we
couldn't help but wonder if he was drugged when he prepared his speech. I
will not go into detail about his speech and the insulting manor in which he
directed it, as I believe this list has been bored enough with how off-topic
this rant has become.
I will however apologize for not posting a much more constructive message to
begin with... I will end this message with this: If Marcus Ranom wants to
diminish the amount of "gray-hat" security professionals out there then he
is asking for a world of textbook-bred security admins who have no "real
world" experience in security at all, only which has been taught to them at
a UCExtension class..
And as far as the NFR IDS goes, no, it is not the "best ids out there" it to
has its share of problems and vulnerabilities, some of which we have not yet
disclosed.. so I should state my original point "think twice before
deploying NFR in a mission-critical environment"
Consider me the "Ebert of the security industry" this one gets 2 thumbs
down..
That and the CTO of a company should never make the mistake of gambling
their reputation by giving a speech
that could be considered HIGHLY controversial to some people.. just bad
professionalism in my book
</end of rant>
----------------------------------------------------------------------
Loki [LoA]
[EMAIL PROTECTED]
----------------------------------------------------------------------
PGP Key fingerprint = 67 1D 12 BE 61 D6 63 B2 6A 8C F8 A1 80 88 1B 4
[[EMAIL PROTECTED]]# ./crack /etc/passwd > passwd.cr
[[EMAIL PROTECTED]]# su - root
[[EMAIL PROTECTED]]#
----------------------------------------------------------------------
----- Original Message -----
From: <[EMAIL PROTECTED]>
To: "Chris Brenton" <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]>
Cc: "Firewalls LIST" <[EMAIL PROTECTED]>
Sent: Thursday, August 03, 2000 7:48 PM
Subject: Re: Intrusion Detection (NFR SUCKS)
> At 09:45 PM 8/3/00 -0400, Chris Brenton wrote:
> >Loki wrote:
> > >
> > > Ok, this is going to cause a lot of flames, but I really don't care..
:)
> > > I attended Defcon and Mr. Marcus Ranum made a complete ass out of
> > himself by
> > > insulting close to 75% of his customer base with his choice for
> > discussion...
> >
> >Not to pick, but what does this have to do with firewalls, IDS or NFR's
> >ability to function as advertised? This is like saying "his product
> >sucks because I saw monkeys fly out of his butt". The two concepts have
> >no relevance.
>
> Each product may have its plus/minuses, and some are just freely available
> as in SNORT. Learning SNORT can be very cumbersome also, so again I do
not
> see the distinction or relevance of the point you are raising.
>
> The truth of the matter is, there are lots issues in the Firewall and IDS
> space that have gone unresolved for quite some time. There are people
> coming up with evil applications that can wreak havoc on a site or
> individual without them even knowing about it. There are people who
> publicize these facts hoping vendors (especially Microsoft) will pick up
on
> the fact that there are huge sucking chest wounds in the software they
come
> out with and hopefully someday will fix their software Some other
> organizations try to exploit this fact by attempting to charge lots of
> money to people who want to be sprinkled with "security pixie dust" and be
> transformed into Ultimate Hackers.
>
> SNORT is also not a commercially available IDS. So it is like comparing
> apples and oranges not apples to apples.
>
> > > On a more "unpersonal" note, NFR in my oppinion bites the big one..
> > That may be
> > > a biased opinion due to my heavy involvement and support in the SNORT
IDS..
> >
> >Hummm...
> >You flame Marcus, state his product sucks without providing any backup
> >data and also mention your involvement with a different IDS product.
> >IMHO this statement sounds pretty "personal". Its certainly not
> >technical.
> >
> > > but.. hey.. I did get to play with it and noticed a lot of problems
and
> > issues
> > > with it.. that also may be due to the fact it that it was an eval.. oh
> > well..
> >
> >Problems and issues like...???
>
> There are several issues with every single IDS product on the market. It
> doesn't have this feature, it doesn't have that, it can't do this.. The
> Ultimate Firewall is still the best IDS product available.. !!
>
>
> > > (worthless rant) I'll call this one my, negative (-).02 cents
> >
> >You are certainly entitled to your opinion. Its just a bummer when
> >people take a personal grudge and try and pass it off as technical
> >content. Especially in a public forum.
>
> I have personal grudges with lots of people, but at least I have reason to
> sometimes.. :)
>
> /m
>
>
>
> >Cheers,
> >Chris
> >--
> >**************************************
> >[EMAIL PROTECTED]
> >
> >* Mastering Cisco Routers
> >http://www.amazon.com/exec/obidos/ASIN/078212643X/
> >* Mastering Network Security
> >http://www.amazon.com/exec/obidos/ASIN/0782123430/
> >-
> >[To unsubscribe, send mail to [EMAIL PROTECTED] with
> >"unsubscribe firewalls" in the body of the message.]
>
> -
> [To unsubscribe, send mail to [EMAIL PROTECTED] with
> "unsubscribe firewalls" in the body of the message.]
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
