Wavelet Blog

Koi Palace (鲤鱼门) at Daly City has been famous for its Cantonese cuisine. Someone even named it the best Chinese restaurant in Bay Area. It opened an branch restaurant in Dublin, Koi Garden, which is much closer to us. We finally got chance to have a Dim Sum lunch today.

The city of Dublin has a lot of new establishments. The view is open, the street is wide and clean, even the Chinese stores are more trendy than many other places. We waited about 20 mintues to get a table. It’s a little crowd inside. You’ll get food faster to order the Dim Sum instead of waiting for the waiters to bring them to you. We tried a couple of new dishes, besides traditional “凤爪 (chicken feet)” and “排骨 (ribs)”. The Dim Sum are fresh, hot, certainly among the best we have tasted. I am not sure if it is much better than the other new Cantonese restaurant, 顺峰渔港  (Asian Pearl), that we recently checked at Froment; or if it is not as good as the original restaurant. Only the food critics can tell, I guess.

In the latest episode of “American Idol“, Carrie Underwood & Randy Travis sang Randy’s No.1 hit “I told you so”. It brought back a lot memory of my undergraduate days. I heard this song in the most popular TV show of that time in China, ‘正大综艺’. Unfortunately, I couldn’t find the original MTV video online. I am not young and not any more the boy who tasted what love is for the first time, but it is still a very beautiful and touching song.

Snort thread run an active discussion on topic “ROI on IDS/IPS products”. The one who initiated the discussion asked the question about how to measure the ROI (return of investment) on IDS/IPS products, by giving an example that a company removed their IPS deployment after 2-year of usage because the return didn’t justify the cost of maintenance and personnel.

It is interesting that someone compared the money spent on IPS with the car insurance. It is true that there is no quantitative way to calculate the ROI for either of these two models. But I also think that they are different in that, for car insurance, the insured pays a small amount of money to cover a potentially much bigger loss and the cost is shared by the community; in the case of IPS, the customers pay the price specifically for the device and service they buy and deserve to ask for the quality that the vendor claims.

Certainly, the customer should not expect IPS can solve all security issue in the network. IPS should be one building block of the whole defense-in-depth strategy. Other products like firewall, anti-virus, patch-management and identity-management system also play important roles in this strategy.

On the other hand, IPS has its own problems. It is an industry consensus that IPS is not a device that you can leave in the basement and never touch again. To make it really useful, continuous monitoring and updating are required. This is partly because IPS is dealing with applications which is way more complicated, flexible and dynamic than TCP/IP level protocols that router/switch works on.

On the positive side, IPS technology has reached the stage that, some products do provide great configurability, extensive reporting and analysis tools and, most important, much improved stability and quality. False-positives are greatly reduced through intensive research efforts. Fine-tuning the products has become much easier for the administrators, so that IPS can be relied on to play its role in the network.