Firewall Wizards mailing list archives
RE: firewalls and the incoming traffic problem
From: Phil Cox <pcc () llnl gov>
Date: Tue, 07 Oct 1997 12:08:18 -0700
At 12:15 PM 9/30/97 -0700, you wrote: [removed comments]
respond to the attack is often limited. For ID techniques to work well in a living breathing network, I believe we will see intrusion detection spread out through the network, with the firewall being one of the many points of input. Just as the firewall policy should be that which is not specifically accepted is denied, IDS should learn by that model.
What is the thought on the ability to write a firewall specific IDS which would use some type of meta language to define what was considered "acceptable" for different services coming across a firewall? Then the IDS would flag or detect patterns which were considered normal or approved, and the rest would be "problems" by default. This would give you the "minimalist" stance in ID as well. Thoughts and comments.
Phil
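A minimal sketch of the approach asked about in the message above, added here as an example and not part of the original post or of any product: a small policy language lists the request lines considered acceptable per service, and everything else is reported as a problem by default. The rule syntax, the function names and the sample traffic are assumptions constructed for illustration.

```python
import re

# Constructed policy in a hypothetical meta-language, one rule per line:
# "<service> <tcp-port> <regex an acceptable request line must fully match>".
POLICY_TEXT = r"""
# anything not listed here is a problem by default
smtp 25 (HELO|EHLO) [A-Za-z0-9.-]{1,255}
smtp 25 MAIL FROM:<[^<>\s]{1,256}>
smtp 25 RCPT TO:<[^<>\s]{1,256}>
smtp 25 (DATA|RSET|NOOP|QUIT)
http 80 (GET|HEAD) /[\x21-\x7e]{0,1024} HTTP/1\.[01]
"""

def parse_policy(text):
    """Return {port: (service, [compiled patterns])}; reject malformed rules."""
    policy = {}
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 2)  # the regex keeps its internal spaces
        if len(parts) != 3 or not parts[1].isdigit():
            raise ValueError(f"policy line {lineno}: want '<service> <port> <regex>'")
        service, port, pattern = parts
        policy.setdefault(int(port), (service, []))[1].append(re.compile(pattern))
    return policy

def classify(policy, dst_port, request_line):
    """Default deny: acceptable only if a rule for this port fully matches."""
    if dst_port not in policy:
        return (False, f"no policy for port {dst_port}")
    service, patterns = policy[dst_port]
    if any(p.fullmatch(request_line) for p in patterns):
        return (True, f"matches {service} policy")
    return (False, f"not an approved {service} request")

# Constructed sample traffic: (destination port, first request line).
SAMPLE = [
    (25, "HELO mail.example.org"), (25, "MAIL FROM:<alice@example.org>"),
    (25, "DEBUG"), (80, "GET /index.html HTTP/1.0"),
    (80, "GET /" + "A" * 2000 + " HTTP/1.0"), (23, "login: guest"),
]

def flagged(policy, events):
    # Everything that is not explicitly acceptable is reported, truncated for logs.
    return [(port, line[:40]) for port, line in events
            if not classify(policy, port, line)[0]]

if __name__ == "__main__":
    for port, line in flagged(parse_policy(POLICY_TEXT), SAMPLE):
        print(f"PROBLEM port={port} line={line!r}")
```

The length bounds in the rules matter as much as the verbs: the oversized request is flagged without any signature for it, because it simply is not on the approved list.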