Firewall Wizards mailing list archives
RE: IDS data collection _outside_ of a firewall
From: Marc Delince <marc.delince () computer org>
Date: Thu, 28 Jan 1999 07:52:09 -0500
What is missing? You want something simple, comparable to a video camera? Use a network sniffer connected to a disk farm + tapes. Now nobody will probably ever be reading the recorded data, if only because of the huge quantity of irrelevant data logged. But if you have a legal investigation, you probably (I am not a lawyer) could use the traces as evidence (like the cameras).

Now if you also want to have someone look at the current "images" (events), like they do in security guards' rooms with the cameras, you could use an IDS to extract the "interesting events" out of the millions of packets flowing on your network connection.

Does this mean you need a sniffer and an IDS? Maybe... ask your lawyer/legal department/...

On my part, I believe that a good IDS that will display the major events (there should only be very few) to the SOC (Security Operating Center) or whoever is responsible for security AND start logging the traffic when any interesting traffic is detected (could be a lot more events) seems to correspond to my idea of securing my site.

Who could implement this? Anyone. Provided you have the right tool: the tool that will give you a maximum of help to understand what is going on and what impact it may have on you. Also the tool that gives you flexibility in detecting events and logging traffic.

Just my 0.02$.

Have a terrific day.

Marc Delince
marc.delince () computer org

-----Original Message-----
From: Dominique Brezinski [SMTP:dom_brezinski () securecomputing com]
Sent: Wednesday, January 27, 1999 11:04 PM
To: Marc Delince; 'roger nebel'
Cc: firewall-wizards () nfr net
Subject: RE: IDS data collection _outside_ of a firewall

Because the data storage issues have not been refined for IDS like video surveillance. At some point we will get an IDS system that is as simple to operate as the multi-camera video systems available today, but until then the problem is a bit different. Your analogy is good in theory--today's technology is not quite there.
At 07:41 AM 1/27/99 -0500, Marc Delince wrote:
How do you justify installing cameras outside embassies, public buildings, ... manufacturing plants, ... office buildings? Even if there is nobody to watch the cameras in real-time, the tapes can be used when necessary. Isn't that the non-internet related analogy everyone should use?

Have a great day.

Marc Delince, CISSP
marc.delince () computer org

Dominique Brezinski CISSP
(206) 898-8254
Secure Computing
http://www.securecomputing.com
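The event-triggered logging Marc argues for above (show the few major events to the SOC, and only then start recording traffic, instead of sniffing everything to a disk farm), as an added example that is not part of the original thread: a small Python simulation with constructed packets, a hypothetical signature rule standing in for the IDS, and a rolling pre-event window so the capture also holds what happened just before the alert.

```python
from collections import deque, namedtuple

Packet = namedtuple("Packet", "ts src dst dport payload")  # constructed packet shape
# Hypothetical stand-in for the IDS: a packet is "interesting" if a known-bad string appears.
SIGNATURES = [b"/etc/passwd", b"cmd.exe"]

def simple_ids(pkt):
    for sig in SIGNATURES:
        if sig in pkt.payload:
            return f"signature {sig!r} from {pkt.src} to {pkt.dst}:{pkt.dport}"
    return None

class TriggeredRecorder:
    """The sniffer is always on, but only a short rolling window stays in memory; on an
    alert that window plus the next post_packets go to disk, not every packet seen."""
    def __init__(self, detector, pre_packets=3, post_packets=2):
        self.detector = detector
        self.window = deque(maxlen=pre_packets)  # pre-event context, oldest dropped first
        self.post_packets = post_packets
        self.remaining = 0      # post-event packets still to record
        self.events = []        # the few major events shown to the SOC
        self.recorded = []      # what actually reaches the disk farm / tapes

    def feed(self, pkt):
        alert = self.detector(pkt)
        if alert:
            self.events.append((pkt.ts, alert))
            self.recorded.extend(self.window)  # flush pre-event context once
            self.window.clear()
            self.recorded.append(pkt)
            self.remaining = self.post_packets
        elif self.remaining > 0:
            self.recorded.append(pkt)          # still inside the post-event window
            self.remaining -= 1
        else:
            self.window.append(pkt)            # quiet traffic: kept briefly, then dropped

def run_demo():
    # Constructed traffic: routine web/mail packets with one traversal attempt at ts=5.
    def web(t):
        return Packet(t, "10.0.0.5", "192.0.2.10", 80, b"GET /index.html")
    pkts = [web(1), web(2), Packet(3, "10.0.0.5", "192.0.2.10", 443, b"\x16\x03\x01"),
            Packet(4, "10.0.0.9", "192.0.2.10", 25, b"EHLO mail"),
            Packet(5, "198.51.100.7", "192.0.2.10", 80, b"GET /../../etc/passwd"),
            Packet(6, "198.51.100.7", "192.0.2.10", 80, b"GET /robots.txt"),
            web(7), web(8), web(9)]
    rec = TriggeredRecorder(simple_ids)
    for p in pkts:
        rec.feed(p)
    return rec
```

With nine packets in, one event reaches the SOC and six packets (ts 2 through 7) reach disk; the routine traffic before and after the window is dropped.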