Firewall Wizards mailing list archives

Re: Intrusion Detection

From: "Paul D. Robertson" <proberts () clark net>
Date: Tue, 14 Apr 1998 14:06:43 -0400 (EDT)

On Tue, 14 Apr 1998, Marcus J. Ranum wrote:

      There are really only 2 good reasons I can think of for ID systems:
1) To develop a threat level model as to how often you are attacked
2) To detect clueless people inside your organization who are attacking
      outside sites


3) To detect clueless people inside your organization, or with access to 
   your facilities who are attacking your own systmems.

4) To trend traffic to detect possible tunnels through allowed protocols 
   like HTTP or SSL.

Paul
-----------------------------------------------------------------------------
Paul D. Robertson      "My statements in this message are personal opinions
proberts () clark net      which may have no basis whatsoever in fact."
                                                                     PSB#9280

Current thread:

Intrusion Detection shantanu bhattacharya (Apr 14)
- Re: Intrusion Detection Marcus J. Ranum (Apr 14)
  - Re: Intrusion Detection tqbf (Apr 14)
- Re: Intrusion Detection Adam Shostack (Apr 14)
  - Re: Intrusion Detection Marcus J. Ranum (Apr 14)
    - Re: Intrusion Detection Paul D. Robertson (Apr 14)
    - Re: Intrusion Detection Adam Shostack (Apr 15)
    - Re: Intrusion Detection Marcus J. Ranum (Apr 15)
    - Re: Intrusion Detection Aleph One (Apr 14)
    - Re: Intrusion Detection Marcus J. Ranum (Apr 14)
    - Re: Intrusion Detection Aleph One (Apr 14)
    - Re: Intrusion Detection Adam Shostack (Apr 15)
    - Re: Intrusion Detection M. Dodge Mumford (Apr 14)
    - Re: Intrusion Detection emaiwald (Apr 15)
    - Re: Intrusion Detection Marcus J. Ranum (Apr 15)
    - Re: Intrusion Detection Marcus J. Ranum (Apr 15)

(Thread continues...)