Firewall Wizards mailing list archives

Re: FW appliance comparison - Seeking input for the forum


From: "Paul D. Robertson" <paul () compuwar net>
Date: Wed, 18 Jan 2006 20:29:27 -0500 (EST)

On Thu, 19 Jan 2006, Devdas Bhagat wrote:

> > > IDS on the same machine as a firewall? It's not going to work. It will
> > > not have enough signatures to give you the sort of security you need.
> >
> > [What the heck, no interesting debate in a while...]
> >
> > I think there's a bigger question "why would you want an IDS?"  AFAICT,
> > IDS's are only good for (a) stopping stuff your firewall rules should
> > already stop or (b) stopping known-bad stuff you have to let in that
> > almost always have patches or work-arounds and (c) if you're regulated
> > into them (i.e. HIPAA.)
>
> An IDS is _not_ an IPS. An IDS monitors your system/network for failures
> of security systems. It does not interfere with traffic.
>
> An IDS helps in quantifying threats as well. "We got $n low threat port
> scans, $v viruses incoming, $s spam..."
>
> s/stopping/detecting and then allowing you to stop out of band/
>
> An IPS, OTOH, is a proxy with default allow. All your criticisms apply
> there.

Same pipe, different rocks. ;)

Paul
-----------------------------------------------------------------------------
Paul D. Robertson      "My statements in this message are personal opinions
paul () compuwar net       which may have no basis whatsoever in fact."
http://fora.compuwar.net      Infosec discussion boards

_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards