
IDS (Crypto-Gram March 2001)




fyi,

A few words from Schneier in his monthly letter Crypto-Gram related to
IPSec (in an IDS context).

regards, esms

 Eduardo Souza Machado da Silva
 http://LagoadaConceicao.com.br/~esms 





[ http://www.counterpane.com/crypto-gram-0103.html#9 ]


The "Death" of IDS?

[...]

These two problems are nothing new, but several recent developments
threaten to undermine IDSs completely. 

First is the rise of IPsec. IPsec is a security protocol that encrypts IP
traffic. An IDS can't detect what it can't understand, and is useless
against encrypted network traffic. (Similarly, an anti-virus program can't
find viruses in encrypted e-mail attachments.)  As encryption becomes more
widespread on a network, an IDS becomes less useful.
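
An added illustration of the point in the quoted passage (not part of the original message or of Crypto-Gram): a payload-matching sensor run over the same request sent in the clear and inside ESP, so the monitoring side can count how much traffic it cannot inspect. The signature, addresses, SPI, key and the keystream "cipher" are constructed stand-ins, not a real IPsec transform.

```python
import hashlib, struct

ESP, TCP = 50, 6                      # IANA IP protocol numbers
SIGNATURES = {b"/etc/passwd": "sensitive-file-request"}   # constructed sample rule

def keystream_xor(key, data):
    """Stand-in for ESP encryption (assumption: NOT a real IPsec transform)."""
    stream = b"".join(hashlib.sha256(key + struct.pack("!I", i)).digest()
                      for i in range(len(data) // 32 + 1))
    return bytes(a ^ b for a, b in zip(data, stream))

def ipv4(proto, payload):
    """Minimal IPv4 packet, constructed test data (checksum left at 0)."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64,
                       proto, 0, bytes([10, 0, 0, 1]), bytes([10, 0, 0, 2])) + payload

def inspect(packet):
    """Classify one packet the way a payload-matching sensor sees it."""
    ihl = (packet[0] & 0x0F) * 4              # IPv4 header length in bytes
    proto, payload = packet[9], packet[ihl:]
    for pattern, name in SIGNATURES.items():
        if pattern in payload:
            return "alert", name
    if proto == ESP:
        # Only the ESP header (SPI, sequence number) is readable by the sensor.
        spi, seq = struct.unpack("!II", payload[:8])
        return "opaque", f"ESP spi=0x{spi:08x} seq={seq}"
    return "clean", ""

def coverage(packets):
    """Count verdicts so the uninspectable share of traffic is explicit."""
    verdicts = [inspect(p)[0] for p in packets]
    return {v: verdicts.count(v) for v in ("alert", "opaque", "clean")}

# Constructed sample traffic: zeroed 20-byte TCP header followed by the request.
REQUEST = bytes(20) + b"GET /etc/passwd HTTP/1.0\r\n\r\n"
CLEAR = ipv4(TCP, REQUEST)
TUNNELLED = ipv4(ESP, struct.pack("!II", 0x1001, 1)
                 + keystream_xor(b"demo-key", REQUEST))

if __name__ == "__main__":
    for pkt in (CLEAR, TUNNELLED):
        print(inspect(pkt))
    print(coverage([CLEAR, TUNNELLED]))
```

Reporting ESP packets as "opaque" rather than "clean" keeps the blind spot visible in the sensor's own statistics.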