Firewall Wizards mailing list archives
IDS data collection _outside_ of a firewall
From: "John Kozubik" <john_kozubik_dc () hotmail com>
Date: Tue, 19 Jan 1999 22:33:38 PST
> Also, the comment on having ID sensors outside the firewall is also equally flawed.

I must respectfully disagree. Please refer to: http://www.nswc.navy.mil/ISSEC/CID/ for a detailed explanation on two tried and true methods of IDS - Network Flight Recorder, and the STEP system. Both methods call for the data collection portion of the IDS to sit outside of the firewall, in the DMZ.

It should be quite clear to anyone familiar with the subject of IDS that the collection station is _necessarily_ outside of the firewall. For instance, it would be somewhat difficult to detect netbios scans if you are watching with a machine that is inside a firewall that is blocking 135, 137, etc. (you are blocking those, aren't you? :)

The above web page is a great start for anyone who can invest about 1-2 hours reading on the subject of IDS - it is well worth it for the beginner in the subject, and would provide a good foundation for further study.

kozubik

- John Kozubik - john_kozubik () hotmail com
PGP DSS: 0EB8 4D07 D4D5 0C28 63FE AD87 520F 57BE 850B E4C4
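The visibility argument in the message above, as an added example that is not part of the original post or of NFR or STEP: the same sweep detector is run over constructed traffic as seen outside the firewall and again over what survives a block on ports 135 and 137. The addresses, the threshold and all function names are assumptions made for illustration.

```python
from collections import defaultdict

# Ports the post names as blocked at the firewall ("135, 137, etc.").
BLOCKED_PORTS = {135, 137}
SCAN_THRESHOLD = 3  # assumed: distinct targets on one port before flagging a sweep

# Constructed sample traffic on the outside segment: (src, dst, dst_port).
# All addresses come from documentation ranges.
OUTSIDE_TAP = [
    ("203.0.113.9", "192.0.2.10", 137),
    ("203.0.113.9", "192.0.2.11", 137),
    ("203.0.113.9", "192.0.2.12", 137),
    ("203.0.113.9", "192.0.2.13", 137),
    ("203.0.113.9", "192.0.2.10", 135),
    ("198.51.100.4", "192.0.2.10", 80),
    ("198.51.100.4", "192.0.2.10", 80),
    ("198.51.100.7", "192.0.2.11", 25),
]

def firewall(packets, blocked=BLOCKED_PORTS):
    """Return the packets that pass the firewall, i.e. what an inside sensor sees."""
    return [p for p in packets if p[2] not in blocked]

def detect_sweeps(packets, threshold=SCAN_THRESHOLD):
    """Flag (src, port) pairs that touch at least `threshold` distinct hosts."""
    targets = defaultdict(set)
    for src, dst, port in packets:
        targets[(src, port)].add(dst)
    return {k: len(h) for k, h in targets.items() if len(h) >= threshold}

def compare_vantage_points(packets):
    """Run the same detector outside and inside; report what the inside misses."""
    outside = detect_sweeps(packets)
    inside = detect_sweeps(firewall(packets))
    missed = {k: v for k, v in outside.items() if k not in inside}
    return outside, inside, missed

if __name__ == "__main__":
    outside, inside, missed = compare_vantage_points(OUTSIDE_TAP)
    print("outside sensor alerts:", outside)
    print("inside sensor alerts: ", inside)
    print("sweeps only the outside sensor saw:", missed)
```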