Firewall Wizards mailing list archives
Re: Important Comments re: INtrusion Detection
From: Aleph One <aleph1 () dfw dfw net>
Date: Mon, 16 Feb 1998 20:40:31 -0600 (CST)
On Mon, 16 Feb 1998, Paul M. Cardon wrote:
While a proxy CAN obtain much of that information, we are left providing protection only at the network perimeter so any internal attacks can once again be carried out undetected. Uggh. This is looking to be a familiar scenario: networks with a hard, crunchy shell at the network perimeter and a soft, chewy middle where the INTERNAL threat protection provided to internal hosts is inadequate. Does this mean that ID needs to be done at the host level or in other words at every connection end-point? What other possibilities do we have? I think we've seen similar questions before. The problems with that approach are one of the reasons why we have firewalls in the first place.
This situation creates a whole new line of products for the IDS industry. In particular an IDS built on top of a LAN switch that normalizes traffic. Very similar in concept to an IDS built on top of a firewall that normalizes traffic. The issue is that we have to move away from broadcast networks. Such systems could be designed to distribute the load of intrusion detection. If a session flows through two or more devices that can perform IDS processing (firewall, switch, etc) then they can coordinate such that only one needs to do the work. I can see Cisco buying some small IDS company and incorporating such a feature on their high end Catalyst switches. Who said there are no new business opportunities in the security market? ;)

Aleph One / aleph1 () dfw net
http://underground.org/
KeyID 1024/948FD6B5
Fingerprint EE C9 E8 AA CB AF 09 61 8C 39 EA 47 A8 6A B8 01
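One way the coordination described in the message above could work, as an added example that is not part of the original post or of any vendor's product: each device hashes the session together with every IDS-capable device on the path (rendezvous hashing) and inspects only if it wins. The device names, the sample sessions, and the assumption that every device knows which IDS-capable devices sit on the session's path are hypothetical.

```python
import hashlib
from collections import Counter

# Constructed sample data: device names and addresses are hypothetical.
PATH = ["fw-perimeter", "sw-core", "sw-access-3"]
SESSIONS = [("10.0.1.%d" % (i % 250 + 1), 1024 + i, "10.0.9.20", 80) for i in range(600)]

def session_key(src_ip, src_port, dst_ip, dst_port, proto="tcp"):
    """Direction-independent key, so both halves of a session get one owner."""
    a, b = sorted([(src_ip, src_port), (dst_ip, dst_port)])
    return f"{proto}|{a[0]}:{a[1]}|{b[0]}:{b[1]}"

def _weight(device, key):
    # Every device computes the same weight for a (device, session) pair.
    digest = hashlib.sha256(f"{device}|{key}".encode()).digest()
    return int.from_bytes(digest[:8], "big")

def inspector_for(key, devices_on_path):
    """Rendezvous hashing: the highest-weight device on the path inspects."""
    if not devices_on_path:
        raise ValueError("no IDS-capable device on path; session would go uninspected")
    return max(sorted(devices_on_path), key=lambda d: _weight(d, key))

def should_inspect(me, key, devices_on_path):
    """Local decision made by each device, with no per-session messaging."""
    return inspector_for(key, devices_on_path) == me

def load_split(sessions, devices_on_path):
    """How many sessions each device ends up inspecting."""
    return Counter(inspector_for(session_key(*s), devices_on_path) for s in sessions)

if __name__ == "__main__":
    print("all devices up:  ", dict(load_split(SESSIONS, PATH)))
    print("sw-core removed: ", dict(load_split(SESSIONS, [d for d in PATH if d != "sw-core"])))
```

When a device drops off the path, only the sessions it owned are reassigned; every other session keeps its inspector, so reassembly state on the surviving devices is not disturbed.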