[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
IDS (Crypto-Gram March 2001)
fyi,
few words from Schneier in his monthly letter Crypto-Gram related with
IPSec (in IDS context).
regards, esms
Eduardo Souza Machado da Silva
http://LagoadaConceicao.com.br/~esms
[ http://www.counterpane.com/crypto-gram-0103.html#9 ]
The "Death" of IDS?
[...]
These two problems are nothing new, but several recent developments
threaten to undermine IDSs completely.
First is the rise of IPsec. IPsec is a security protocol that encrypts IP
traffic. An IDS can't detect what it can't understand, and is useless
against encrypted network traffic. (Similarly, an anti-virus program can't
find viruses in encrypted e-mail attachments.) As encryption becomes more
widespread on a network, an IDS becomes less useful.