PHPIDS

Hi there!

Have anyone tried PHPIDS? Is this really effective against kiddies and
penetration testers? Just read abt it on howtoforge, it would be great
to know your opinion.

I don't consider it as the only security solution for web-services -
but if it really does what it announces it may become another musthave
security tool on web-servers.


Regards,

Kirill "REDbyte" Novikov.

On Jun 23, 8:24 am, "redbyte.l...@gmail.com" <redbyte.l...@gmail.com>
wrote:[color=blue]
> Hi there!
>
> Have anyone tried PHPIDS? Is this really effective against kiddies and
> penetration testers? Just read abt it on howtoforge, it would be great
> to know your opinion.
>
> I don't consider it as the only security solution for web-services -
> but if it really does what it announces it may become another musthave
> security tool on web-servers.
>
> Regards,
>
> Kirill "REDbyte" Novikov.[/color]

I'd never heard of it before now, but looking at [url]http://php-ids.org/[/url]
raises more concerns than answers questions.

To begin with, IME, bolt-on security products are usually
fundamentally flawed in terms of the concept; really the only way to
add security to an existing system is to build in controls between the
layers of the system (like firewalls, mod_security, suhosin...).

Next, security in IT is a complex thing and needs to be understood
properly to be implemented - there is no documentation of what the
product actually does nor how to use it on the website - the
'documentation' link takes you directly to the output of PHPDocumentor
- and the comments in the code don't help much.

Next, messing about with the demo, it is obviously based on a rather
crude set of blacklist words - rather like a VERY crude virus checker.
As has been written elsewhere, this approach to detecting
innapropriate content will always be playing catchup with new attack
vectors.

Its not where I'd start when thinking about securing a PHP
application.

C.