Firewall Wizards mailing list archives

Previous By Date Next
Previous By Thread Next

Re: FW appliance comparison - Seeking input for the forum

From: Greg Spath <gkspath () armstrong com>
Date: Fri, 20 Jan 2006 13:42:34 -0500
On Fri, 20 Jan 2006 15:43:33 +1100
david_harris () arnotts com wrote:




I agree that IDS is a waste of time except if you need to provide
glossy feel good reports to mgmt. Then theyr'e great!



I tend to agree, but...

IDS comes in handy for detecting worm outbreaks on the inside, and are
useful at seeing attacks on ports you allow inbound on your DMZ
(although if whoever admins those services watches their logs, it
becomes apparent without an IDS).  Sendmail servers get hammered by
idiots on occassion.  An IDS can watch for that and let you know when
it is time to send a subnet to the bit void via the firewalls.

Use them to let you know when things aren't right within your
networks.  Using them to report on stuff you are already dealing with,
I agree, is a waste of resources.

--g



-- 
Greg Spath <gkspath () armstrong com>                        
Infrastructure Security Analyst    
Armstrong World Industries, Inc.
_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
Previous By Date Next
Previous By Thread Next

Current thread: