
List:       firewall-wizards
Subject:    Re: [fw-wiz] Log checking?
From:       Bennett Todd <bet () rahul ! net>
Date:       2004-10-06 17:14:06
Message-ID: 20041006171406.GA749 () rahul ! net

(sorry about the late reply, catching up after a week away)

2004-09-30T15:24:40 Paul D. Robertson:
> But, again- IDS is "known bad"- we don't get IDS signatures for
> "stuff we don't know is good."

I think both anomaly analysis ("stuff we don't know is good") and
IDS (stuff we know is bad) have value to add. Anomaly analysis is
the way to catch new or one-off attacks. It's expensive, though. IDS
is very cheap, catches consequences of config errors, user
stupidity, etc., and has the additional advantage that (at least
with signature-based network IDS, e.g. snort) it identifies the
attacks detected with links to descriptions.

-Bennett
