Nicholas Murphy wrote:
>I have not wanted to jump on this bandwagon, but here are my 2 cents.
>Lets say I am a small company with 10 to 150 employees and I know that the
>internet is a "dangerous" place and I have valuable data on my internal
>systems.
>Since my company has a very small IT budget (or no budget) because the
>powers that be do not want to spend money on technology. Are most of you
>saying that this small company should just go without any IDS or firewall
>because they do not have the money for it?
>
I am saying, specifically, that organizations with small IT budgets
should go with a firewall, and without IDS. Firewalls are very
cost-effective, and everyone should have one. "Personal firewalls" are
also very cost effective. Network IDS are NOT cost-effective: they
either cost a lot (if you do the monitoring) or they are not effective
(if you mostly ignore them and only monitor occasionally).
> Or you would all of you agree
>that something is better than nothing? Then what is the problem with
>Anitians solution.
>
I'm not sure, as I don't understand the Anitian solution:
* If it is occasional log inspection (as Wil Cooley described his
service) then that's just dandy; it is cost-effective.
* If it includes a NIDS, which is only monitored occasionally, then
the NIDS is a waste of money, and should be dumped.
I'm not complaining about Anitian specifically, or saying that
occasional monitoring is a waste. I'm just saying that NIDS without
constant monitoring is a waste, and that NIDS in general is a game for
organizations with large IT/security budgets.
Crispin
--
Crispin Cowan, Ph.D.
Chief Scientist, WireX http://wirex.com/~crispin/
Security Hardened Linux Distribution: http://immunix.org
Available for purchase: http://wirex.com/Products/Immunix/purchase.html
This archive was generated by hypermail 2b30 : Fri Aug 30 2002 - 10:30:30 PDT