[Dshield] Security in Layers
jbeck80 at hotmail.com
Thu Mar 25 14:31:48 GMT 2004
Did any see the MS webinar on pen testing yesterday? The expert, Jesper M.
Johansson, Ph.D manager of security business unit at microshaft, said that
IDS and IPS are not effective and cause more complexity and problems than
they are worth and recommends not deploying. He points out, and it was not
in presentation but in questions afterwards, for example an IPS blocking a
known bad "get process" but doen't block the wrapper of the get process, I
did not catch the name, but could look it up, therefor allowing it through.
I was surprised to hear him say that about ids/ips. I did not get to
question, but if you don't police the wire how do you know when there is
malicious activities going on? I assume the good doctor is not a member of
Get reliable access on MSN 9 Dial-up. 3 months for the price of 1!
More information about the list