Snort mailing list archives
Re: difference between the capability of snort and a dynamic firewall!??!?!!?
From: Matt Kettler <mkettler () evi-inc com>
Date: Wed, 14 Aug 2002 10:30:03 -0400
Firewalls are intended to block traffic, and log events. Intrusion detection systems are intended to have an extensive database of intrusion signatures and log the attempts so you can use them to improve your firewall rules, and as forensic information when a successful intrusion occurs.
Intrusion detection systems are *NOT* intended to be a first-line-of-defense against network intrusion, merely analysis of them. A carefully planned out firewall ruleset is infinitely better than any dynamic ruleset that snort can wind up creating via tools like hogwash, but tools like hogwash make a great second-line for cases where the firewall fails to prevent an attack.
Picture a firewall as a lock, and snort as an alarm system. If the alarm goes off you can have it activate locks in the building, and call the police, but locking your door in the first place is a better idea. The alarm is there for when the lock fails and is not a first-line of defense.
At 06:31 AM 8/14/2002 -0700, funky wrote:
Hi,

What's the fundamental difference between Intrusion Detection Systems and a firewall!?!?!?

- I know that we can log the attempts that match the rules with snort, and later if you see an attack in the log, you can add some rules related to the firewall
- we can look at the content (we can do that in dynamic (proxy) firewalls also!!)
- We can make a dynamic rule match, what is it for?!?!? There aren't any dynamic rules in the standard ruleset!?!??!

Is it a difference from a standard firewall?!?! If so, what!??!

thanx
funky
Istanbul

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users