Firewall Wizards mailing list archives
Re: IDS outside of firewall?
From: Jeff Maddox <jeff.maddox () ssds com>
Date: Tue, 04 Aug 1998 09:34:21 -0600
I see the problem with inside monitoring being resources. How do I convince upper management (in particularly since I am a consultant and not part of their power structure, [I know that sometimes that actually makes it easier but not usually]) to spend the money for the manpower (as we all know equipment is a hell of a lot cheaper that capable people) for outside monitoring, much less inside monitoring. We have all been telling customers for years that the greatest threat is from the inside and, yet, very few companies have something near adequate internal security against cookbook crackers much less talented ones. At 10:26 PM 8/3/98 -0400, Marcus J. Ranum wrote:
Ryan Russell wrote:Marcus, you're in a good postion to comment... If I only have budget for one, where's the best place to put it?I'd stick it inside, mostly because if it were outside it'd likely generate too many uninteresting alerts (where I define "uninteresting alert" as one that notifies you of an attack launched against your firewall that you know your firewall can block). I might go further and configure it to have different alert levels for intrusion signatures directed against key internal systems (servers and whatnot) and outgoing through the firewall (naughty insiders running up the risk of big legal bills). mjr. -- Marcus J. Ranum, CEO, Network Flight Recorder, Inc. work - http://www.nfr.net home - http://www.clark.net/pub/mjr
Jeff Maddox SSDS Inc. jeff.maddox () ssds com
Current thread:
- Re: IDS outside of firewall?, (continued)
- Re: IDS outside of firewall? Jeff Sedayao (Aug 05)
- Message not available
- Re: IDS outside of firewall? Marcus J. Ranum (Aug 03)
- Re: IDS outside of firewall? Woody Weaver (Aug 03)
- Re: IDS outside of firewall? Henry Hertz Hobbit (Aug 04)
- Re: IDS outside of firewall? Woody Weaver (Aug 05)
- Re: IDS outside of firewall? Henry Hertz Hobbit (Aug 04)
- Re: IDS outside of firewall? Stephen P. Berry (Aug 03)
- Re: IDS outside of firewall? Ryan Russell (Aug 03)
- Re: IDS outside of firewall? Jennifer Galvin (Aug 03)
- Re: IDS outside of firewall? Ryan Russell (Aug 03)
- Re: IDS outside of firewall? Marcus J. Ranum (Aug 03)
- Re: IDS outside of firewall? Jeff Maddox (Aug 04)
- Re: IDS outside of firewall? Marcus J. Ranum (Aug 03)
- Re: IDS outside of firewall? Paul Howell (Aug 04)
- Re: IDS outside of firewall? ark (Aug 05)
- Re: IDS outside of firewall? Joseph S. D. Yao (Aug 06)