[Dshield] IPS/IDS solutions--your opinions?
Tom
dshield at oitc.com
Tue Jan 29 00:10:06 GMT 2008
Valdis,
In a way they already have. Consider Societe Generale. Contrary to
their spin, this guy was no computer genius. In fact as near as I can
tell from the writeups, he was just an average, non-computer fraudster
that leveraged his own kind of social engineering upon fixed
organizational audit policies.
It's not a computer "worm" but a worm nevertheless, exploiting naive
security procedures. Man or machine, it's the same security issue.
Tom
At 5:45 PM -0500 1/28/08, Valdis.Kletnieks at vt.edu wrote:
>On Mon, 28 Jan 2008 11:38:59 PST, Pete Cap said:
>> Folks who can bust out perl or submit SQL queries or handle 200 sensors
>> worldwide without the support of a large company are not all that common.
>
>And today's scary thought - this means that at most companies, security is
>being handled by people who *don't* understand perl or SQL or how to manage
>200 sensors...
>
>The talent pool is incredibly shallow, and one day it will come back to
>haunt us - consider all the banks and other businesses that didn't *realize*
>they had a problem when Nachi came out. Imagine what would happen if they
>got targeted by something that was *trying* to fly under the wire...
>
--
Tom Shaw - Chief Engineer, OITC
<tshaw at oitc.com>, http://www.oitc.com/
US Phone Numbers: 321-984-3714, 321-729-6258(fax),
321-258-2475(cell/voice mail,pager)
Text Paging: http://www.oitc.com/Pager/sendmessage.html
AIM/iChat: trshaw at mac.com
The policy of relying on market forces that the Bush administration
claimed for seven years would propel broad access is irresponsible
and insufficient
They that can give up essential liberty to obtain a little temporary
safety deserve neither liberty nor safety. Benjamin Franklin