[Dshield] Security in Layers

Tony Earnshaw tonye at billy.demon.nl
Fri Mar 26 21:19:34 GMT 2004

fre, 26.03.2004 kl. 00.21 skrev John Holmblad:


I really appreciated this answer and its content. You know, what I'd
really like to see would be co-operation between Microsoft and "the rest
of the world".

> I should add that other industry voices have expressed concern about the 
> complexity of managing an IDS environment so in that sense Jesper 
> Johanssen is not a lone voice although he may be in the minority.  
> Recall the following ruckus from last summer (now old news) after 
> Gartner's declaration of the death of IDS:
> http://searchsecurity.techtarget.com/originalContent/0,289142,sid14_gci905961,00.html

This was a very interesting summary; I'm no Gartner, so my opinion is
probably valueless - and obviously firewalls are the first line of
defense from outside one's network. But intruders can come from within
one's network as well, and there will always be a need to monitor
traffic coming in both directions through a firewall, and on both sides
of it. Moreover, IDS for a Unix person is far more than simply
monitoring a network connection, being also effective accounting of

> In fact for small and medium enterprises, an outsourced monitoring 
> solution (e.g. Counterpane - www.counterpane.com) might be more cost 
> effective than having inhouse IDS/IPS expertise and systems.

Agree utterly. However, that's no argument against IDS.




mail: billy - at - billy.demon.nl

More information about the list mailing list