Firewall Wizards mailing list archives
Re: IDS outside of firewall?
From: "Ryan Russell" <ryanr () sybase com>
Date: Mon, 3 Aug 1998 12:41:56 -0700
Sorry, didn't mean to imply that outside is the best or only place to put one... You just asked if there was any use to it. If I only get one, I think I'd like it on the inside. Naturally, you want two.. inside and outside, that coordinate with each other in some way. (I'm sure the vendors would be heartbroken to have to sell twice as many.) Marcus, you're in a good postion to comment... If I only have budget for one, where's the best place to put it? Ryan Jennifer Galvin <jgalvin () digex net> on 08/03/98 12:20:17 PM To: Ryan Russell/SYBASE cc: firewall-wizards () nfr net Subject: Re: IDS outside of firewall? This is true, but then, regardless of what is on the outside, wouldn't you still want something on the inside, as well? Not to mention my analogy earlier, of the machine that goes PING.... Identifying attacks is useful, however, unless you have someone wading through the log files and making calls to ISPs so that accounts can be shut down and such, what good is just a record of someone trying to break into your firewall, from the OUTSIDE, when it actually happens? Sure, you have some good ideas, but what traffic eventually got through the firewall, and how do you know what data left? If the outside IDS is still a good idea, wouldn't an internal one, in addition, be a better one?
Current thread:
- Re: IDS outside of firewall?, (continued)
- Re: IDS outside of firewall? Craig H. Rowland (Aug 03)
- Re: IDS outside of firewall? Joseph S. D. Yao (Aug 03)
- Re: IDS outside of firewall? Jeff Sedayao (Aug 05)
- Message not available
- Re: IDS outside of firewall? Marcus J. Ranum (Aug 03)
- Re: IDS outside of firewall? Woody Weaver (Aug 03)
- Re: IDS outside of firewall? Henry Hertz Hobbit (Aug 04)
- Re: IDS outside of firewall? Woody Weaver (Aug 05)
- Re: IDS outside of firewall? Henry Hertz Hobbit (Aug 04)
- Re: IDS outside of firewall? Stephen P. Berry (Aug 03)
- Re: IDS outside of firewall? Ryan Russell (Aug 03)
- Re: IDS outside of firewall? Jennifer Galvin (Aug 03)
- Re: IDS outside of firewall? Ryan Russell (Aug 03)
- Re: IDS outside of firewall? Marcus J. Ranum (Aug 03)
- Re: IDS outside of firewall? Jeff Maddox (Aug 04)
- Re: IDS outside of firewall? Marcus J. Ranum (Aug 03)
- Re: IDS outside of firewall? Paul Howell (Aug 04)
- Re: IDS outside of firewall? ark (Aug 05)
- Re: IDS outside of firewall? Joseph S. D. Yao (Aug 06)