Comments are inline!

Nelson Brito
Security Researcher
http://fnstenv.blogspot.com/

Please, help me to develop the ENG® SQL Fingerprint™ by downloading it from Google Code (http://code.google.com/p/mssqlfp/) or from Sourceforge (https://sourceforge.net/projects/mssqlfp/).

Sent on an iPhone wireless device. Please, forgive any potential misspellings!

On Jun 1, 2010, at 9:52 AM, "Cor Rosielle" <[email protected]> wrote:

> Nelson,
>
>> You're missing one point: Host IPS MUST be deployed with any Network
>> Security (Firewalls or NIPSs).
>
> Please be aware this is a risk decision and not a fact. I don't use
> a host IPS and no anti-virus either. Still I'm sure my laptop is
> perfectly safe. This is because I do critical thinking about
> security measures and don't copy behavior of others (who often don't
> think for themselves and just copy other people's behavior). Please
> note I'm not saying you're not thinking. If you did some critical
> thinking and a host IPS is a good solution for you, then that's OK.
> It just doesn't mean it is a good solution for everybody else and
> everybody MUST deploy a host IPS.

That's so 1990! NIPS and/or Firewall just protect you if you're inside the "borders"... But, come on. Who doesn't have a laptop nowadays? So, multiple protection layers are better than none, anyway.

You have choices when adopting a security posture or, if you prefer, risk posture. I believe that it's quite difficult and almost impossible to stay updated with all the threats, due to their exponential growth.

>> No security solution/technology is the miracle protection alone,
>
> That's true.
>
>> so that's the reason everybody is talking about defense in depth.
>
> Defense in depth is often used for another line of a similar defense
> mechanism as the previous already was. Different layers of defense
> work best if the defense mechanisms differ. So if you're using anti-
> virus software (which gives you an authentication control and an
> alarm control according to the OSSTMM), then a host IDS is not the
> best additional security measure (because this also gives you an
> authentication and an alarm control).

Woowoo... I cannot agree with you, because AV has nothing to do with protecting the end-point against network attacks. AV will alert and protect only when the threat has already reached your end-point. Besides, there are other layers, such as buffer overflow protection inside HIPS. Note that I am not talking about IDS. 8)

> This would also be a risk decision, but based on facts and the rules
> defined in the OSSTMM and not based on some marketing material. You
> should give it a try.

It always is a risk decision, and I'm not basing MHO on any "standard"; it's based on my background... And, AFAIK, nobody can expect that users and/or server systems will be able to apply all or any update in a huge environment.

>
> Regards,
> Cor Rosielle
>
> w: www.lab106.com
>

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
