[Tfug] Lightweight IDS options/strategy/policy
vaca at grazeland.com
Tue Sep 24 22:18:47 MST 2013
Tuning of an IDS can be very time-consuming for some of the reasons mentioned here. When is it innocent? When is it a virus or a hacker? That doesn't mean, however, that in a secure environment you just omit it.
IDS is a basic building block for secure networks. It is part of any comprehensive defense-in-depth strategy...as would be a documented and rehearsed security incident response plan.
Tyler
On Sep 24, 2013, at 10:12 PM, Bexley Hall <bexley401 at yahoo.com> wrote:
> Hi Kramer,
>
> On 9/24/2013 3:08 PM, Kramer Lee wrote:
>> The best thing would be to be able to keep packets of your information
>> from going out of the computer. So what if there is an intrusion? It
>> only is a problem if there is an outflow of information as a result of
>> the intrusion.
>
> Think about it. Would you tolerate something on your
> "personal" internet if it *couldn't* "dial out" -- but
> *could* interfere with the operation or integrity of
> your stuff?
>
> I can contain attacks so they can't "do" anything (even
> for an adversary "on the inside" -- though I can't prevent
> certain types of DoS attacks).
>
> But, how do I tell the user (internet owner/administrator) that
> something is (possibly) *trying* to "harm" (?) him -- even if
> I've neutralized the threat?
>
> And, what do I tell him to *do* in that event? "Worry"? :<
>