Linux Today: Linux News On Internet Time.

Security Portal: Network Intrusion Detection Systems and Virus Scanners - are they the answer?

Jan 09, 2000, 16:45
(Other stories by Kurt Seifried)

"It takes a lot less effort to destroy and break things, than it takes to build and fix them. This is nowhere more evident then computer networks. Corporations, governments, universities and other organizations spend large sums of money on computer network infrastructure, and the cost of keeping them running is not trivial. And this doesn't even take into consideration malicious attacks and security controls which add even more cost to building and maintaining a network of computers...."

"Directly related to anti-virus software is intrusion detection software (sometimes refereed to as IDS or NIDS). I'm going to start with a brief explanation of the various intrusion software technologies and types since they overlap and can be somewhat convoluted. As a rule of thumb the software has to run on a computer system (that's a pretty safe rule for most software packages actually), and this machine can either be dedicated to the task of monitoring the network and other systems, or the software can be an additional component that runs on a production server...."

"Computer security doesn't come in nice shrink wrapped box for $99.95 (after a $50 rebate). Computer security is an ongoing process, with constant re-evaluation and changes, as new threats and solutions are released, you need to be able to react to them effectively. Ideally vendors would ship software that was not susceptible to viruses (this is possible), nor susceptible to user/network/random events resulting in improper operation (like giving someone a root shell remotely). This isn't going to happen for along time however (although there is a variety of hardening software becoming available)."
