Security Basics mailing list archives
RE: IDS question [was: Re: Firewall and DMZ topology]
From: "Steve Bremer" <steveb () nebcoinc com>
Date: Thu, 12 Jun 2003 13:51:15 -0500
Hi,
> External IDS can be inline or passive sitting on a span port. For any
Good point. I was thinking of just a monitoring sensor, but an in-line sensor that can be configured to block active attacks would be nice. Has anyone tried Hogwash?
> So in my opinion I think it's important to monitor critical segments in any network. Especially, external (who's knocking on your door)
I wasn't completely clear in my last e-mail. I was thinking more along the lines of having the IDS in the DMZ. Any attacks that get past the outside firewall to the DMZ hosts would be caught by the IDS in the DMZ. The attacks that don't make it past the external firewall into the DMZ would be much less of a concern. Kind of a "let them knock on the door, but only deal with the ones who try to forcefully enter" line of thinking. Configuring the external IDS to monitor outgoing traffic would let you monitor your own hosts for unusual behavior.
> The IDS needs to be on every critical network segment at the least.
Agreed.
> Anyways that's just my opinion and I have done a lot of security work and high availability designs.
Thanks for your input, I appreciate it.

Steve Bremer
NEBCO, Inc.
System & Security Administrator