March 17th, 2004, 09:54 PM
Thanks Tiger and Phish
I don't have any more to add to the discussion right now. At this point, I'm ready to collate my research into more concrete categories and begin running some experiments.
I'll be sure to post back to this thread if something comes to mind. I also plan to post my paper once completed (it is due at the end of April).
Thanks again everyone.
PS- I do have one last comment!
We install HIDS on 'high value' machines to give us that last/extra layer of defense. The 'oh shi7' as Tiger Shark put it. Does this effectively label the machine as "Beware of Dog" or as "Eat at Joes"...?
Just a little philosophical food for thought to end on, I guess.
Ego is the great Logic killer
March 17th, 2004, 10:39 PM
Bearing in mind that traditional HIDS do their work internally to the machine, the ability to detect them without triggering them is severely hampered. In fact, in practical terms, anything that advertised the HIDS would be counter-productive... All you would be doing is telling your attacker which machines to avoid.
Does this effectively label the machine as "Beware of Dog" or as "Eat at Joes"...?
So, in terms of your question I would suggest that a HIDS is more akin to the dog that is trained not to bark and to attack you from the rear when you enter the premises....
Don't SYN us.... We'll SYN you.....
"A nation that draws too broad a difference between its scholars and its warriors will have its thinking done by cowards, and its fighting done by fools." - Thucydides