On Wed, 7 Mar 2001, mht wrote:
> If it was a simple IDS as you state, why does it need to take all the
> listed classes above in order to configure it and understand it..
> Hmm, must be a better way of defining what an IDS is..
for exactly the reasons stated by Bill Stackpole on this thread:
integrating it and managing it, and understanding it, is vital. it's not a
drop in solution, but it has to be installed, adjusted to a site, and
understood in terms of its role, capabilities, reports and the like.
management types seem to think that everything is drop in, cookie cutter,
and if it's not then something must be wrong with the product. they don't
seem to grasp the uniqueness of networks and their place in an
organization, and hence the need to tune an IDS sensor (whether it be NIDS
or HIDS) for the environment.
and "simple" was about IDS theory, in terms of my simple breakdown of how
IDS systems work (having studied them for many years). i certainly didn't
want to imply that Tripwire, or any IDS system, is simple, only that my
presentation of the concepts was simple.
EOF?
____________________________
jose nazario [EMAIL PROTECTED]
PGP: 89 B0 81 DA 5B FD 7E 00 99 C3 B2 CD 48 A0 07 80
PGP key ID 0xFD37F4E5 (pgp.mit.edu)