[Discussion] What are we making? -- CLIENT Side
Andre Ludwig
aludwig at packetspy.com
Tue Oct 21 18:09:25 UTC 2008
In my humble honest opinion we should stay out of the client side game,
there are plenty of products that serve those needs. If you want to
dabble in the client side, may I suggest research into behavior based
detection/mitigation of malware. (It's the hot new freshness.)

That being said, there is tons of movement in that arena in place, and in
all honesty the weakest link at this point in time IS NOT client side
technology (the issue there is ADOPTION of what is currently available,
IMHO). What is absolutely horrible in its current state is IDS/IPS, as
it simply cannot keep up with application layer attacks. Granted, this
is easier to handle on the client side, but who exactly wants easy
anyways? If you can create the right technology that scales properly
and put it in the "cloud", you will be light years ahead of the rest of
the industry as far as capability.

As this group seems to be more of a "here is some grant money, come up
with something interesting and creative", I don't think the value is
really there to produce carbon copies of existing technology for the
client side. Not to say that there wouldn't be value in an open source
alternative to current commercial offerings for endpoint security; I
just think this opportunity should not be spent chasing the known. We
should look at this as an opportunity to prove a few crucial points.

1. This community can work together in an effective collaborative
approach to produce something of value.
2. An open and transparent approach can produce meaningful results. (In
reference to point 1.)
3. We can in fact "build a next-generation intrusion detection and
prevention engine".

Let's try to focus on what works, what doesn't work, and what doesn't exist
yet.

(Again, just my two cents.)
An example of how horrible IDS/IPS is in its current state can be seen
by using the technique used in eescan from Matt Richards. Pay
particularly close attention to the "random chunks" of exploit
feature. No IDS I know of can properly handle such a technique of
obfuscation, and this illustrates the massive weakness of NIDS.

www.eescan.net/downloads/DC15.pdf
http://code.google.com/p/eescan/
Andre Ludwig
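Added illustration (example code written for this archive page; it is not part of the original post and is not taken from eescan): a small model of why packet-at-a-time signature matching misses an attack request that arrives in small, randomly sized, out-of-order segments, and why per-flow stream reassembly in the sensor restores the match. The payload, the signature token and the segment-size bounds are constructed for the demo; treating the "random chunks" feature as simply segmenting the request this way is an assumption about the technique, not a description of eescan.

```python
import random

# Constructed stand-in for an attack request. The token is the byte string a
# content signature would look for; these are not real exploit bytes.
PAYLOAD = b"GET /cgi-bin/app.cgi?arg=EXAMPLE_SIGNATURE_TOKEN HTTP/1.0\r\n\r\n"
SIGNATURE = b"EXAMPLE_SIGNATURE_TOKEN"


def random_segments(data, rng, min_size=1, max_size=6):
    """Assumed model of chunked delivery: cut the payload into randomly sized
    TCP-like segments tagged with their byte offset, then shuffle the order
    in which the sensor sees them. Returns a list of (seq, bytes)."""
    segs = []
    i = 0
    while i < len(data):
        n = rng.randint(min_size, max_size)
        segs.append((i, data[i:i + n]))
        i += n
    rng.shuffle(segs)
    return segs


def per_packet_detect(segments, signature=SIGNATURE):
    """Packet-at-a-time inspection: every segment is matched on its own, so a
    token longer than any single segment can never be seen."""
    return any(signature in seg for _, seg in segments)


class FlowReassembler:
    """Minimal in-order reassembly for one flow: a segment is held until the
    bytes before it have arrived, then appended to a contiguous buffer that
    is scanned for the signature. Memory is bounded by keeping only a tail
    long enough for a token that straddles the next append."""

    def __init__(self, signature, max_buffer=65536):
        self.signature = signature
        self.pending = {}      # seq -> bytes waiting for an earlier gap
        self.next_seq = 0      # next byte offset we can append in order
        self.buf = b""         # contiguous, in-order stream so far
        self.max_buffer = max_buffer
        self.alerted = False

    def feed(self, seq, data):
        if seq < self.next_seq:
            # Retransmit or overlap: keep only bytes we have not seen yet.
            data = data[self.next_seq - seq:]
            seq = self.next_seq
            if not data:
                return self.alerted
        self.pending[seq] = data
        while self.next_seq in self.pending:
            chunk = self.pending.pop(self.next_seq)
            self.buf += chunk
            self.next_seq += len(chunk)
            if self.signature in self.buf:
                self.alerted = True
            if len(self.buf) > self.max_buffer:
                keep = max(len(self.signature) - 1, 0)
                self.buf = self.buf[-keep:] if keep else b""
        return self.alerted


def stream_detect(segments, signature=SIGNATURE):
    """Feed every segment through per-flow reassembly and report the verdict."""
    r = FlowReassembler(signature)
    for seq, data in segments:
        r.feed(seq, data)
    return r.alerted


def demo(seed=7):
    """Compare the two inspection models on one chunked delivery."""
    rng = random.Random(seed)
    segs = random_segments(PAYLOAD, rng)
    return {
        "segments": len(segs),
        "unsplit_per_packet": per_packet_detect([(0, PAYLOAD)]),
        "chunked_per_packet": per_packet_detect(segs),
        "chunked_reassembled": stream_detect(segs),
    }


if __name__ == "__main__":
    for k, v in demo().items():
        print(f"{k}: {v}")
```

Because the segments here are at most 6 bytes and the token is 23 bytes, packet-level matching fails on every seed, while the reassembler alerts as soon as the gap-free prefix of the stream covers the token; that is the gap the post is pointing at, and it is why a sensor needs flow tracking and reassembly (with sane bounds on buffered bytes) before its content signatures are worth anything.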