[413] in Intrusion Detection Systems
some thoughts
daemon@ATHENA.MIT.EDU (Alexander O. Yuriev)
Tue Nov 21 04:30:50 1995
Date: Mon, 20 Nov 1995 11:42:00 -0500 (EST)
From: "Alexander O. Yuriev" <alex@bach.cis.temple.edu>
To: ids@uow.edu.au
In-Reply-To: <199511170248.NAA00150@lordmuck.itd.uts.edu.au>
Reply-To: ids@uow.edu.au
Hi,
There is something that never failed to amaze me: the attitude
of a lot of SAs. First of all let me tell you several things that attract
my attention at conferences: did you notice that during security
workshops and tutorials most people look with wide eyes at you if you
tell them about methods that intruders use? Did you notice a number of
people who say that their systems were never broken into while you know
that they export filesystems to the world? The same people would say that
they rely on the most advanced intrusion detection systems from Blah Inc
that cost them $50,000 a year to maintain. etc, etc, etc.
Why do we trust our vendors when they say that their systems are
secure? What are the checks that we perform before we bring a system onto
the network? Do we perform them at all or do we just blindly assume that
if there is no patch out there, there is no problem? Is it that we do not
want to bother with it or is it that we do not know where to look?
I would appreciate your comments...
Best wishes,
Alex
============================================================================
Alexander O. Yuriev Email: alex@bach.cis.temple.edu
CIS Labs, TEMPLE UNIVERSITY WWW: http://bach.cis.temple.edu/personal/alex
Philadelphia, PA, USA
KeyID: 1024/D62D4489 Key Fingerprint: AE84534377CCC4E2 37B13C4D8CD3D501
Unless otherwise stated, everything above is my personal opinion and not an
opinion of any organisation affiliated with me.
=============================================================================