:Security Portal: Network Intrusion Detection Systems and Virus Scanners - are they the answer?
Security Portal: Network Intrusion Detection Systems and Virus Scanners - are they the answer? Jan 9, 2000, 16 :45 UTC (0 Talkback[s]) (4574 reads) (Other stories by Kurt Seifried)
"It takes a lot less effort to destroy and break things, than it
takes to build and fix them. This is nowhere more evident then computer networks.
Corporations, governments, universities and other organizations spend large sums of
money on computer network infrastructure, and the cost of keeping them running is
not trivial. And this doesn't even take into consideration malicious attacks and
security controls which add even more cost to building and maintaining a network of
computers...."
"Directly related to anti-virus software is intrusion detection software (sometimes refereed to as IDS or NIDS). I'm going to
start with a brief explanation of the various intrusion software technologies and types since they overlap and can be
somewhat convoluted. As a rule of thumb the software has to run on a computer system (that's a pretty safe rule for most
software packages actually), and this machine can either be dedicated to the task of monitoring the network and other
systems, or the software can be an additional component that runs on a production server...."
"Computer security doesn't come in nice shrink wrapped box for $99.95 (after a $50 rebate). Computer security is an ongoing
process, with constant re-evaluation and changes, as new threats and solutions are released, you need to be able to react to
them effectively. Ideally vendors would ship software that was not susceptible to viruses (this is possible), nor susceptible to
user/network/random events resulting in improper operation (like giving someone a root shell remotely). This isn't going to
happen for along time however (although there is a variety of hardening software becoming available)."
