O'Reilly logo

The Myths of Security by John Viega

Stay ahead with the world's most comprehensive technology and business learning platform.

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, tutorials, and more.

Start Free Trial

No credit card required

Chapter 13. Why Most People Shouldn’t Run Intrusion Prevention Systems

The IT security industry is filled with plenty of technologies that work, but don’t do enough—technologies that sell, even if they’re not particularly cost-effective. One of the most pervasive security technologies that typically isn’t cost-effective is the intrusion detection/prevention system. Some vendors might have you believe every company needs this kind of technology, but I’m not so sure. Particularly, I think small companies should be careful to think about whether it is really going to be a cost-effective solution.

The idea behind network-based intrusion detection and intrusion prevention systems (NIDS and NIPS, respectively) sounds pretty appealing. Stick a box on your network that will look at all traffic. The box will do some analysis and tell you when you’re being attacked (in the case of a NIDS) or even drop attacker traffic automatically (in the case of a NIPS).

It sounds like a good thing to have all that insight into what’s happening on your network, because it’s insight that you didn’t have before. But turn on your typical intrusion detection system for the first time, and you will get spammed. Intrusion detection systems regularly give off over 10,000 alerts a day.

Clearly, not all of those alerts map to real intrusions, but it’s clear that to get value out of an intrusion detection system, you need to be able to separate some of the good alerts from the many irrelevant ones.

Why are intrusion ...

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, interactive tutorials, and more.

Start Free Trial

No credit card required