Firewall Wizards mailing list archives
Re: DMZ best practices
From: Dominique Brezinski <dom_brezinski () securecomputing com>
Date: Wed, 20 Jan 1999 13:57:46 -0800
Ah, the reactive firewall model (point 2) - yes, an ID sensor outside the firewall is necessary for such a configuration, but the usefulness of such a configuration (as currently shipped by various vendors) is debatable. Current solutions are highly vulnerable to abuse by a knowledgeable attacker, but this is not to say that such technology could not be useful.

Refer to my other post for my thoughts on point 1.

Point 3 should be addressed by having the ID sensor on the same network as the protected public servers, not outside the firewall (the data acquisition will be more reliable) and the communication channel between the IDS and the firewall will be better protected.

Dom

At 09:40 AM 1/20/99 +0100, Security wrote:
My comments on Dominique Brezinski about having ID sensors outside the firewall...

There are three reasons why having ID sensors outside the firewall is important:

1. Many people want to know what is happening there. Is the firewall well configured? Is it very often under attack?
2. I think the most valuable feature of a well-configured ID system is the ability to react to an attack or misuse. For instance, when a portscan on the firewall is detected, the firewall can block the IP address of the intruder for a while.
3. In case of a DMZ protected by the firewall (3rd NIC), the firewall will not protect the servers in the DMZ against attacks such as vulnerable CGI scripts, E-mail-WIZ, etc. An ID system outside the firewall can reconfigure the firewall or kill the TCP-connection to prevent this.

Arjen Rijpma
PointNet Security Systems.
Dominique Brezinski CISSP (206) 898-8254 Secure Computing http://www.securecomputing.com
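
The reactive model debated in this message (portscan detected, source blocked "for a while"), sketched as an added example that is not part of the original thread and is not any vendor's implementation. The thresholds, addresses, the `ReactiveBlocker` and `replay` names, and the never-block list (one common safeguard so that an automatic block cannot be triggered against an address the site depends on) are all assumptions of the example.

```python
import ipaddress
from collections import defaultdict

# All thresholds and addresses below are constructed for this example.
SCAN_PORTS = 10    # distinct denied ports inside WINDOW that count as a portscan
WINDOW = 60        # seconds
BLOCK_SECS = 600   # the block lasts "for a while", then expires on its own
NEVER_BLOCK = [ipaddress.ip_network(n) for n in ("192.0.2.53/32", "198.51.100.0/24")]


class ReactiveBlocker:
    def __init__(self):
        self.seen = defaultdict(dict)  # src -> {dport: last timestamp}
        self.blocked = {}              # src -> expiry timestamp
        self.alerts = []               # scans we refused to act on automatically

    def observe(self, ts, src, dport):
        """Feed one denied-packet event from the sensor; return the action taken."""
        ports = self.seen[src]
        ports[dport] = ts
        for port in [p for p, t in ports.items() if ts - t > WINDOW]:
            del ports[port]            # forget probes older than the window
        if len(ports) < SCAN_PORTS:
            return "none"
        ports.clear()
        if any(ipaddress.ip_address(src) in net for net in NEVER_BLOCK):
            self.alerts.append((ts, src))   # leave the decision to a human
            return "alert-only"
        self.blocked[src] = ts + BLOCK_SECS
        return "block"

    def is_blocked(self, ts, src):
        expiry = self.blocked.get(src)
        if expiry is not None and ts >= expiry:
            del self.blocked[src]      # timed blocks must expire
            expiry = None
        return expiry is not None


def replay(events):
    """Run (ts, src, dport) tuples through a fresh blocker; return it and the actions."""
    blocker = ReactiveBlocker()
    return blocker, [blocker.observe(*e) for e in events]


# Constructed sensor events: one scan from an ordinary address, one that
# appears to come from a protected address.
EVENTS = [(t, "203.0.113.7", 20 + t) for t in range(10)] + \
         [(30 + t, "192.0.2.53", 100 + t) for t in range(10)]
```
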