[Tfug] Lightweight IDS options/strategy/policy
Bexley Hall
bexley401 at yahoo.com
Wed Sep 25 02:25:51 MST 2013
Hi Tyler,
On 9/25/2013 1:17 AM, vaca at grazeland.com wrote:
> IDS is a part of a comprehensive security program. I don't think anyone
> is suggesting it as a replacement for perimeter security, OS hardening,
> anti-malware software, strong policies, etc.
The *tougher* problem is how you deal with (3rd party) "apps" running on
the system. Do you prevent them from dialing out (not practical even
if they are "PULLing" information as it is easy to set up a covert
channel that appears to only be "reading" from the outside world)? Or,
do you restrict what they can *see*? (i.e., only let them see things
that you don't care if they "disclose")
How do you create tools that let the *user* decide what he considers
"public" information vs. private (so your mechanisms can apply the
appropriate safeguards)?
More information about the tfug
mailing list