Interview with Rafeeq Ur Rehman, author of "Intrusion Detection with SNORT"
by Mirko Zorz - Monday, 21 July 2003.
Debate of using open source and proprietary software for security related applications is not about which software is more secure; it is about support and responsibility in case of any security breach. Most of the business, who prefer to use proprietary software, need someone to be held accountable in such a situation and they also need support guarantee. Guarantee of support and insurance is not available with most of the open source products so people look for proprietary solutions. As for as security of open source products themselves are concerned, I believe they are more secure because security holes are more actively searched, found, and fixed in these products by people all over the world.

What do you think about the full disclosure of vulnerabilities?

I am against full disclosure of vulnerabilities. It does not serve any interest of people who are responsible for security related issues. Yes it may be helpful for hackers. As security professionals, we should be responsible to disclose security related things to only those people who will fix these problems (vendors or developers of open source products). Broadcasting information about vulnerabilities is not in the best interest of the security community.

What advice would you give to people starting to learn about intrusion detection?

I would suggest learning protocols headers and use of sniffers and protocols analyzers (e.g. Ethereal and tcpdump) first. Without knowing what protocols are, and how hackers exploit these protocols, it is difficult to implement a good IDS policy. For example, to detect port scanning, you must know how different flags in TCP header are used for port scanning. Similarly a sniffer is the most important tool under a security person's belt and you must learn and use it extensively.

What are your future plans? Any exciting new projects?

Other than my routine job at Dedicated Technologies, I am working on open source projects to integrate some of these products into solutions so that they can be easily used by security administrators. I am also working on a series of open source books as well.


Critical bug found in Cisco ASA products, attackers are scanning for affected devices

Several Cisco ASA products - appliances, firewalls, switches, routers, and security modules - have been found sporting a flaw that can ultimately lead to remote code execution by attackers.

Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.

Daily digest

Receive a daily digest of the latest security news.

Fri, Feb 12th