[Dshield] Security in Layers

john beck jbeck80 at hotmail.com
Thu Mar 25 14:31:48 GMT 2004


Did any see the MS webinar on pen testing yesterday?  The expert, Jesper M. 
Johansson, Ph.D manager of security business unit at microshaft, said that 
IDS and IPS are not effective and cause more complexity and problems than 
they are worth and recommends not deploying.  He points out, and it was not 
in presentation but in questions afterwards, for example an IPS blocking a 
known bad "get process" but doen't block the wrapper of the get process, I 
did not catch the name, but could look it up, therefor allowing it through.  
I was surprised to hear him say that about ids/ips.  I did not get to 
question, but if you don't police the wire how do you know when there is 
malicious activities going on?  I assume the good doctor is not a member of 
SANS:)

2¢

_________________________________________________________________
Get reliable access on MSN 9 Dial-up. 3 months for the price of 1! 
(Limited-time offer) 
http://join.msn.com/?page=dept/dialup&pgmarket=en-us&ST=1/go/onm00200361ave/direct/01/




More information about the list mailing list