Firewall Wizards mailing list archives

Re: FW appliance comparison - Seeking input for the forum


From: sai <sonicsai () gmail com>
Date: Fri, 20 Jan 2006 11:06:04 +0500

On 1/20/06, david_harris () arnotts com <david_harris () arnotts com> wrote:

On Wed, 18 Jan 2006, sai wrote:

on firewall if you really want all-in-one boxes. Why would you want an
IDS on the same machine as a firewall? It's not going to work. It will
not have enough signatures to give you the sort of security you need.

[What the heck, no interesting debate in a while...]

I think there's a bigger question "why would you want an IDS?"  AFAICT,
IDS's are only good for (a) stopping stuff your firewall rules should
already stop or (b) stopping known-bad stuff you have to let in that
almost always have patches or work-arounds and (c) if you're regulated
into them (i.e. HIPAA).

I think it should be re-iterated that the D in IDS is 'Detection'. A lot of
people are using this term very loosely of late.

I agree that IDS is a waste of time except if you need to provide glossy
feel-good reports to mgmt. Then they're great!


Ignorance is strength? No way! IDS should help you figure out what is
happening on your network and its environs. Unfortunately keeping the
IDS updated takes time and/or money, plus you have to look at (and
understand) the reports (more time and effort).
Most people are able to get on with their jobs without knowing what
has attacked them, but it's certainly good to know.

sai
_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards

