[517] in Intrusion Detection Systems
Re: Intrusions
daemon@ATHENA.MIT.EDU (Greg Foulds)
Tue Jan 30 22:32:14 1996
Date: Tue, 30 Jan 1996 10:25:11 -0500 (EST)
From: Greg Foulds <gfoulds@asel.udel.edu>
To: ids@uow.edu.au
In-Reply-To: <01BAED5D.039EF340@pgs.port.net>
Reply-To: ids@uow.edu.au
On Sun, 28 Jan 1996, Paul G. Seldes wrote:
> One thing to keep in mind is that it is often to ensure that intruders can't do anything on a system rather than try to prevent them from intruding in the first place.
> If you break into a safe, and there is nothing there....you leave.
> This angle works for many businesses and users.
Why not do both? If I ran a business, left nothing inside the building
at night to be stolen, and then left the front doors wide open and
unguarded....what's to stop some idiots from going in and burning the
place down? I would rather stop however many intrusions I could on my
system, as well as keep sensitive information offline. This may not stop
a determined cracker from getting in, but it will keep out college
freshmen with exploit scripts they know nothing about from rm -rf'ing my
system. (And I'm sure I'd much rather tell my client or boss that I had
done my best to prevent intrusions, some morning when we find our system
erased....instead of saying that I'd done nothing but made backups in
case this happened....)
-Greg
Finger for PGP info.