to change the thread direction, I'd say that I don't like IDS for the
following reasons:
- it seems to me more natural to use our energy to fix systems than to
watch for who is
trying to come inside.
- I do not think IDS has been valuable to make progress in security
software dev. hackers
have finally been more helpful (though this was not their intent).
- I am not aware of any "mathematically serious" IDS product (yes,
mathematically serious is hard
to define, but I guess it is easy to understand). those I heard of are a
kind of elaborate grep extensions.
In my opinion, intrusion detection should be left to some specialized
companies. I mean that we should
not buy IDS prducts, but merely call these guys to audit our net, to run
their tools from time to time, ...
as intrusion detection is still based on skill, not on discipline (ie I
doubt that someone who is enough
disciplined to click buttons would find the same things that a skilled
hole-finder would).
I am convinced that I am biased, so I say it now before getting lamed to
death: this is just an opinion,
nothing more.
On the other side, since IDS help some nice guys get money from stupid
customers, there is a benefit to the human race.
As Dilbert goes, 90% of the customers are stupid and give you money, and
10% are smart and give you ideas
(I forgot the exact wording, but it's something like that).
regards,
mouss
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
