Re: Intrusion Detection Systems, Best of breed?

[John Adams <jna () retina net>]

On Wed, 26 Dec 2001, R. DuFresne wrote:

> On Wed, 26 Dec 2001, Talisker wrote:
>
> > Ron
> > I'd have to agree that security and system/network administration do not
> > mix.  If you want defence in depth you need personnel who's sole
> > responsibility is to security, and the upkeep of those tools.   But I'd hope
> > that people monitoring this list are here because they do take security
> > seriously.  All too often buyers will blame the tools rather than their own
> > lack of resources.

I completely agree with the fact that people working in security shouldn't
also be responsible for the network, but these two groups have to work
together very closely and need access to each other's equipment.

You never know if a security person is going to have to turn off someone's
port because the machine is infected, or if the network person needs to
see the rulesets of the firewall to determine if the network is failing
because of a security restriction.

Segregating these groups entirely is a bad idea. Put their desks near each
other and give them a irc server or some means of instant communication
above the noise of email and pagrrs.

-john


_______________________________________________
firewall-wizards mailing list
firewall-wizards () nfr com
http://list.nfr.com/mailman/listinfo/firewall-wizards