Firewall Wizards mailing list archives

Re: IDS outside of firewall?


From: "Marcus J. Ranum" <mjr () nfr net>
Date: Mon, 03 Aug 1998 11:14:11 -0400

Are there advantages to putting an IDS on the outside of the firewall?

As far as I can tell the main use is twofold:
        One -   to detect when auditors run scans against your network.
                They get All Happy when you notice that they do that.
                If you don't have audits then don't worry about it.
        Two -   to tell senior management that the firewall is working
                (maybe) or at least that the network is being brought
                under attack and that they should keep paying to have
                a security person on staff.

We've talked repeatedly of setting up an NFR backend that plays
.AU files to a sound card, so we can have the IDS sit there in
the computer room mumbling to itself, "ow! bad frag! nyaa nyaah!
oof! biff! nice try you sneaky rat!" etc whenever a different
attack is detected...  We could probably market that as multimedia
security interface(tm) or something and Wall St would want to
have our children.

mjr.
--
Marcus J. Ranum, CEO, Network Flight Recorder, Inc.
work - http://www.nfr.net
home - http://www.clark.net/pub/mjr


