Firewall Wizards mailing list archives
Re: IDS outside of firewall?
From: "Marcus J. Ranum" <mjr () nfr net>
Date: Mon, 03 Aug 1998 11:14:11 -0400
Are there advantages to putting an IDS on the outside of the firewall?
As far as I can tell the main use is twofold: One - to detect when auditors run scans against your network. They get All Happy when you notice that they do that. If you don't have audits then don't worry about it. Two - to tell senior management that the firewall is working (maybe) or at least that the network is being brought under attack and that they should keep paying to have a security person on staff. We've talked repeatedly of setting up an NFR backend that plays .AU files to a sound card, so we can have the IDS sit there in the computer room mumbling to itself, "ow! bad frag! nyaa nyaah! oof! biff! nice try you sneaky rat!" etc whenever a different attack is detected... We could probably market that as multimedia security interface(tm) or something and Wall St would want to have our children. mjr. -- Marcus J. Ranum, CEO, Network Flight Recorder, Inc. work - http://www.nfr.net home - http://www.clark.net/pub/mjr
Current thread:
- IDS outside of firewall? Rik Farrow (Aug 02)
- Re: IDS outside of firewall? Jennifer Galvin (Aug 03)
- Re: IDS outside of firewall? Craig H. Rowland (Aug 03)
- Re: IDS outside of firewall? Joseph S. D. Yao (Aug 03)
- Re: IDS outside of firewall? Jeff Sedayao (Aug 05)
- Message not available
- Re: IDS outside of firewall? Marcus J. Ranum (Aug 03)
- Re: IDS outside of firewall? Jennifer Galvin (Aug 03)
- Re: IDS outside of firewall? Woody Weaver (Aug 03)
- Re: IDS outside of firewall? Henry Hertz Hobbit (Aug 04)
- Re: IDS outside of firewall? Woody Weaver (Aug 05)
- Re: IDS outside of firewall? Henry Hertz Hobbit (Aug 04)
- Re: IDS outside of firewall? Stephen P. Berry (Aug 03)
- <Possible follow-ups>
- Re: IDS outside of firewall? Ryan Russell (Aug 03)
- Re: IDS outside of firewall? Jennifer Galvin (Aug 03)
- Re: IDS outside of firewall? Ryan Russell (Aug 03)
- Re: IDS outside of firewall? Marcus J. Ranum (Aug 03)
- Re: IDS outside of firewall? Jeff Maddox (Aug 04)
- Re: IDS outside of firewall? Marcus J. Ranum (Aug 03)
- Re: IDS outside of firewall? Paul Howell (Aug 04)