Re: Security followup

Subject: Re: Security followup
From: Andrew Plato <gilliankitty -at- yahoo -dot- com>
To: "TECHWR-L" <techwr-l -at- lists -dot- raycomm -dot- com>
Date: Mon, 20 Jan 2003 12:13:24 -0800 (PST)


--- Decker Wong-Godfrey <dfgodfrey -at- milmanco -dot- com> wrote:

> And what is the difference between an "in-line IDS and firewall
> combination" and Snort/IPChains, PF, IPFilter, or any of the other
> firewalls that Snort will dynamically configure? Neither you or ISS has
> shown anything inherently different about the two (other than the
> marketing).

Tell you what, build a Snort/IPChains dynamic system and put it out on the net
and I'll test it. To date, dozens of people have told me they can do exactly
what you claim, and not a single one of them has ponied up the instructions &
binaries to do it.

> > Have you ever actually supported a Snort system in a real environment?
>
> Yes. It works quite well.

Works, sure. After you spend about two weeks tuning it, tweaking signatures,
and building a replication infrastructure to centralize the database. Sure it
works. But it takes weeks to get working.

> Gee, I wish you'd qualified your last post with all this information.
> So, really, unless you're an enterprise level customer, you don't need
> to customize Snort. Almost everyone can benefit from it.

Hardly. Snort is like long-division. A great way to learn about IDS and a great
solution for organizations that just want to play around and test out things.
But when you get serious about deploying IDS in a distributed enterprise, Snort
is really hard to work with. That doesn't mean it can't be done. But I think
most companies come to the conclusion that it's better to go with a commercial
product, even a commercial Snort sensor like Sourcefire.

That said, it's a trade-off. Sure, Snort will work great in an enterprise. And
if you have the expertise to do it, then do it. But Snort is by no means the
"best" solution. It has numerous drawbacks. And any decent IT veteran would
know how to objectively analyze those drawbacks.

> How many enterprise-level customers do you have that want a drop-in
> solution to their problems? They know that it's worth the time and
> money to get what they want. The thing to think about here isn't that
> the customization had to be done, but that it could be done at all; ISS
> won't provide you or any of your contractors with the ability to
> customize their code for your needs.

Sure they will. They provide me.

> Well, since I've provided you with the evidence you're always asking
> for, at least you could reciprocate. What makes IPS more than another
> marketing buzzword?

That's a big, long discussion. This entire thread really isn't for TECHWR-L.

Go to Security Focus, post that same question in the Focus-IDS forum, and you
will get a lot of answers.

You can also read:
http://www.der-keiler.de/Mailing-Lists/securityfocus/focus-ids/2002-10/0118.html


> Heh, that's funny coming from someone who has made money from the open
> source business model. How do you think you were able to make
> customizations to Snort and not be forced to release them to anyone
> else but the enterprise customer who contracted you? That's how open
> source works.

Oh sure, I've made money off open source. I've sold a lot of boxes that use
open source. But, I've also made a lot MORE money supporting Windows boxes.
Because there is a lot more of them to support.

> Think of software as a service, not a product and you'll be well on
> your way to understanding how the open source business model works.

Isn't that EXACTLY what Bill Gates says? Trippy dude.

> Maybe you should read this:
> http://www.der-keiler.de/Mailing-Lists/securityfocus/focus-ids/2002-07/
> 0007.html

Oh I have read that. You should follow the entire thread of that debate. It's an
interesting debate and it has a lot of sides. It also does not end like you
think it does.

> This explains exactly why the owner of Snort decided to fork the code.
> It has nothing to do with economics.

The owner didn't fork the code. Marty still holds the code, as do the key
developers. Snort was NEVER handed over to a consortium. Read the entire
thread, dude. It doesn't come to the conclusion you think it does.

> As responding to hyperbole and opinion about business is taking too much
> of my time, consider this my last post on anything but Linux security
> vs Windows security. You've dragged this thread everywhere around the
> subject, instead of keeping to the issue (read the subject line, in case
> you've forgotten). It is getting less and less meaningful to the
> primary audience, and is becoming more and more a public flame-war.

That in and of itself represents the fundamental problem with these
discussions. They are steeped in a holy war, not honest to God capability.

And I think this has a marginal lesson for TECHWR-L. I think Eric will decide
when we're out of bounds. I suspect he has let it go because it interests him
and from the private messages I've gotten, others are also interested.

> The economics of Linux are a completely irrelevant matter.

Oh God, no they are not! If you run a business or organization where revenue
(funding) and expenses are important, then the economics of open source are
critical. And security challenges are a cocktail of different, and sometimes
competing issues. Economics plays a huge role in security issues. Many
organizations cannot afford the kind of security that a big company can. As
such, they must make do with more creative solutions. Ones that take into
account not only funding, but also platforms, support, documentation -
everything.

And this is where this issue should interest documentation people. This type of
"multi-dimensional" problem solving is at the heart of any decent documentation
set as well as security initiatives. I consider my documentation skills the
most valuable resource in my security training because writing docs taught me
how to look at an issue from multiple points of view simultaneously. How to
analyze scenarios, see the bigger picture, and not fall victim to hype and BS.
And one of the reasons I push back on the open source community is because it
practices a rather typical form of hype.

Security is a multi-dimensional problem. This is why things like "XYZ platform
have more security potential" are highly misleading claims. It's just not that
simple. There are thousands of factors at work. Merely using XYZ platform does
not mean you are secure or even have a greater possibility of being secure. The
security puzzle has a lot more pieces than that. And economics is a big,
multi-faceted piece of that puzzle.

And any decent documentation person should respect that, because a good doc set
also has many puzzle pieces. Using FrameMaker doesn't mean good docs or even
the potential for good docs. There are a lot more factors at work to affect the
quality of those docs than merely a software package.

Andrew Plato
