Firewall Wizards mailing list archives

Re: FW appliance comparison - Seeking input for the forum


From: Devdas Bhagat <devdas () dvb homelinux org>
Date: Thu, 19 Jan 2006 03:02:47 +0530

On 18/01/06 13:21 -0500, Paul D. Robertson wrote:
> On Wed, 18 Jan 2006, sai wrote:
> 
> > on firewall if you really want all-in-one boxes. Why would you want an
> > IDS on the same machine as a firewall? It's not going to work. It will
> > not have enough signatures to give you the sort of security you need.
> 
> [What the heck, no interesting debate in a while...]
> 
> I think there's a bigger question "why would you want an IDS?"  AFAICT,
> IDSs are only good for (a) stopping stuff your firewall rules should
> already stop or (b) stopping known-bad stuff you have to let in that
> almost always has patches or work-arounds and (c) if you're regulated
> into them (i.e. HIPAA.)

An IDS is _not_ an IPS. An IDS monitors your system/network for failures
of security systems. It does not interfere with traffic.

An IDS helps in quantifying threats as well. "We got $n low threat port
scans, $v viruses incoming, $s spam..."

An IPS, OTOH, is a proxy with default allow. All your criticisms apply
there.

Devdas Bhagat
_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
