Slashdot Mirror


Network Intrusion Detection Systems Fail to Impress

TheBongPipe writes "I'm reading a nice test here about 7 commercial IDSs. Who won the prize? Nobody..." They also looked at Snort, but found that all the products generated way too many false alarms.

7 of 211 comments

  1. False Positives... by Liora · Score: 4, Funny

    Like a pregnancy test, I think the false positives are preferable to sitting around thinking you're safe.

    --
    Liora
  2. Always compare with a placebo by Anonymous Coward · Score: 5, Funny

    Compare with my program that suddenly displays "!!! RED ALERT !!!" at random.

    1. Re:Always compare with a placebo by alienmole · Score: 5, Funny

      Why use your program when we already have the Homeland Security Advisory System to raise meaningless alerts at random?

  3. Re:What does everyone use by Lord_Slepnir · Score: 5, Funny

    I use snort, but it's not easy to set up and tweak properly, way too many false alarms.

    Yeah, me too. All that special lab equipment to refine it, and the lookout always saying the cops are coming when half the time it's just a meter-maid....

  4. Everything's OK! by runlvl0 · Score: 3, Funny

    Homer: Now, here's my "Everything's O.K." alarm!
    [Homer flips a switch on the device, and it begins to emit a high pitched, incredibly loud beep. The rest of the Simpsons cover their ears as Homer speaks up]
    Homer: This will sound every three seconds, unless something isn't okay!
    Marge: Turn it off, Homer!
    Homer: It can't be turned off! [alarm fizzles out] But it, uh, does break easily.
    -- "The Wizard of Evergreen Terrace"

    This sounds about as useful.

    --
    Carthago delenda est!
  5. Darned "false alarm" criterion. by dave_mcmillen · Score: 2, Funny

    They also looked at Snort, but found that all the products generated way too many false alarms.

    Curses, foiled again! If it weren't for that pesky "not too many false alarms" requirement, I'd be able to create terrific security software. I'm picturing a system that generates a "WARNING: NETWORK SECURITY BREACH" message every five minutes, rain or shine. Keeps the sysadmins on their toes, and foils all network intruders who aren't fast enough to be in and out in five minutes.

  6. Re:Car Alarms by Asprin · Score: 3, Funny

    Like Car Alarms, if it goes off all the time, people will just ignore it -- At some point, the noise drowns out the signal.

    Yup, yup, I *know* what you mean!

    I've got a RAID array in my office that's part of the main production file server and there's this alarm that's been going off for, like, 16 MONTHS on the thing. Don't worry, it's not important - it's only a fan in the back of the drive tray that gets stuck sometimes, then it works itself loose and everything goes back to norm@#&$%@#$89d sifsd00JE{PGJE....

    --
    "Lawyers are for sucks."
    - Doug McKenzie