Firewall Wizards mailing list archives
Re: How should an Internet connection/firewall be designed?
From: Carson Gaspar <carson () taltos org>
Date: Sat, 20 Jan 2007 11:10:33 -0800
Dave Piscitello wrote:
> Kaas, David D wrote:
>> How many companies have an IPS/deep-packet-inspection device between the firewall and the border router?
>
> I honestly don't see a lot of this and unless there's a specific DOS prevention issue, I don't see a lot of point in policing traffic that I expect my firewall to block.

Back when I still did security for a living, I was a supporter of having an IDS device between your border router and your external firewall. However it was not for the reasons most folks might think. I wanted the external IDS in logging-only (no alarms) mode, purely for forensic and legal purposes. When we saw something funky on our internal/DMZ nets, we could look at the external logs to see if it was part of an attack pattern. Of course there is a cost/benefit analysis that has to be done to determine if the data mining is worth the cost of the device.

I agree that anyone who has alarms enabled from an outside-the-firewall IDS probably ought to go see a professional about their paranoia issues...

--
Carson