Hi Frank, > -----Original Message----- > From: Frank Knobbe [mailto:[EMAIL PROTECTED] > Sent: Saturday, October 15, 2005 9:26 AM > > > Same way IDS, HIDS, Antivirus all are protecting the > > networks,hosts at different layers...Leaving the > > Network administrators with least administrative > > work... > > Well, it seems that they are all failing then, since spyware, worm, and > viruses are still making their rounds! Airlines still suffer outages > from Internet worms, as do car manufacturers (to name just a few recent > high profile cases). > > And it seem we don't trust those added layers either since we're still > nervous on every patch Tuesday with fears of worms to the announced > vulnerabilities. > > As for leaving admins with admin work, that doesn't seem to be justified > if they are spending more and more time administrating all those gadgets > that are getting bolted on to protect the rotten cores, including > applying patches to the security products which themselves are > vulnerable to the same issues they are tying to prevent in the first > place. > > Yeah, call me a purist and laugh at me for throwing up the caution flag > every chance I get, but someone has to :) If no one raises concerns > about the industry getting out of control, then we might just believe > that all is well and continue blissfully towards our doom.
Sorry for that Frank, I was too quick to answer and should have picked better words (It was not my intention to offend or attach a label to you). We all do understand your point. I just wanted to say that it is very difficult to reach security with that approach (which is correct, nonetheless) :-). Now talking seriously, there exist products that implement security shells within what we consider more insecure systems by design. Also, hIPSes with a white lists approach tend to take this approach as well which is why defend a lot these particular solutions. I agree that they are still patches since the solution is not integrated within the operating system, where it should be. But these kinds of patches tend to get us closer to the best technical solutions available (that you pointed out). As for your forecast, I personally believe that enough pressure is mounting so that creators of those operating systems start implementing more effective security solutions within the O.S, before we reach doom. But it might still be too early to tell which one will be right, and I really hope it is me :-) Kind regards, Omar Herrera ------------------------------------------------------------------------ Test Your IDS Is your IDS deployed correctly? Find out quickly and easily by testing it with real-world attacks from CORE IMPACT. Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708 to learn more. ------------------------------------------------------------------------
