Firewall Wizards mailing list archives

re:The value of detecting neutralized threats


From: Glenn Larsson <glenn.larsson () datortek vasteras se>
Date: Sun, 31 Jan 1999 18:51:34 +0100

Hi.

I don't have much experience in the FW subject, but I do have an idea.
I think that multiple stage IDS should be a good thing to have:

1. In front of the firewall(s)
2. Behind the firewall(s) (or inside in the firewall chain?)
3. Behind the internal protection (proxies etc)

and a second network, capable of analysing this data, should listen in on
all 3 points, detecting "doorknocks", intrusions, stealth scans and
internal problems etc etc... = a sort of security service network which
only has one purpose: to analyse user traffic in tandem with the real
network. If this could be done - many would feel safer ...or more
paranoid 8-}

How much CPU power, how many scan points?
- I don't know, I leave that to you guys and gals.

Best regards,
Glenn
_________________________________________________

Please visit INSL @ http://194.23.169.99/
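
The three-point sensor layout proposed in the message above can be sketched as a small correlator that reports how far each event travelled; this is an added example, not part of the original post. The tier names, verdict labels and sample events are assumptions constructed for illustration.

```python
from collections import defaultdict

# Sensor tiers, named after the three placements in the message (names are assumptions).
TIERS = ("outside", "behind_fw", "internal")

# Constructed sample events: (sensor tier, source address, event label).
# Addresses come from documentation (RFC 5737) and private (RFC 1918) ranges.
SAMPLE_EVENTS = [
    ("outside", "192.0.2.10", "port-scan"),
    ("outside", "198.51.100.7", "smtp-probe"),
    ("behind_fw", "198.51.100.7", "smtp-probe"),
    ("outside", "203.0.113.5", "http-exploit"),
    ("behind_fw", "203.0.113.5", "http-exploit"),
    ("internal", "203.0.113.5", "http-exploit"),
    ("internal", "10.0.0.23", "port-scan"),
]

def correlate(events):
    """Group events by (source, label) and record which tiers saw each one."""
    seen = defaultdict(set)
    for tier, src, label in events:
        if tier not in TIERS:
            raise ValueError(f"unknown sensor tier: {tier}")
        seen[(src, label)].add(tier)
    return seen

def classify(tiers_seen):
    """Map the set of tiers that saw an event to how far it travelled."""
    if "outside" not in tiers_seen:
        # Never passed the perimeter sensor, so it started behind it.
        return "internal-origin"
    if "internal" in tiers_seen:
        return "reached-internal"
    if "behind_fw" in tiers_seen:
        return "passed-firewall"
    # Seen only in front of the firewall: a neutralized threat.
    return "stopped-at-firewall"

def report(events):
    """Return {(source, label): verdict} for every correlated event."""
    return {key: classify(tiers) for key, tiers in correlate(events).items()}

if __name__ == "__main__":
    for (src, label), verdict in sorted(report(SAMPLE_EVENTS).items()):
        print(f"{src:15} {label:13} {verdict}")
```
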


