Firewall Wizards mailing list archives
Re: IDS outside of firewall?
From: "Craig H. Rowland" <crowland () psionic com>
Date: Mon, 3 Aug 1998 12:43:06 -0400 (EDT)
On Sun, 2 Aug 1998, Jennifer Galvin wrote:
> OTOH, an IDS inside the firewall, which can pick up unusual events, for example, traffic that should not have passed through the firewall or port scanning on the internal network, makes a lot of sense to me. Please e-mail me the comments about putting IDS outside the firewall, and I will post a summary in about a week.

Your analogy and thinking seem correct. I believe 80 percent of all attacks come from inside networks, and if there is anything suspicious going on on the outside, a properly configured firewall should log all of that traffic. Providing an IDS on the inside would, in theory, also help track down what data was possibly destroyed, and how the attacker actually penetrated the network.

Having an IDS set up inside the firewall also helps detect intruders that slipped in across a firewall VPN you set up to a "trusted" remote site. This is something that I think is frequently overlooked by admins who sometimes think that having encrypted tunnels somehow equals good security.

-- Craig