Firewall Wizards mailing list archives

Re: The devil's in the details


From: David Lang <dlang () diginsite com>
Date: Tue, 13 Jul 1999 09:19:34 -0700 (PDT)

I am in a similar situation and decided that the only way to do IDS was to
bite the bullet and put host-based IDS on each of my internal servers.
This will not protect one desktop from being hacked by another, but will
protect my servers (and yes, it can get VERY expensive).

David Lang

On Tue, 13 Jul 1999, Matt Dunn wrote:

Hi all, 

I'm doing some preliminary planning for a security configuration, and I
have what may be a silly question about setting up an IDS. I looked around
a bit, and even asked a couple people (who laughed, but it didn't sound
like it was because the question was silly, more of a 'good luck' kind of
laugh.)

My problem is that a couple of my networks involve switches, which, as part
of the new and improved security policy, will involve VLANs.

I could throw the IDS on a hub with the firewall and connect that to the
switch, but that doesn't do anything for internal threats (which are what
is necessitating the VLANs.)

Has anyone figured out a good way to set something like this up? Ideally,
some switch manufacturer would have thought of this ahead of time, and made
a port on the switch that dumped all the packets, but then you're dealing
with packet loss unless that one port is significantly faster than the rest
of the switch. I could try to figure out some policy-based configuration,
but I don't want to go buy a gigabit plane for each of my switches, and it
doesn't sit right with me to depend on the switch management elements for
the completeness of my security data.

Any responses would be appreciated.

-Matt



"If users are made to understand that the system administrator's job is to
make computers run, and not to make them happy, they can, in fact, be made
happy most of the time. If users are allowed to believe that the system
administrator's job is to make them happy, they can, in fact, never be made
happy." 
-Paul Evans (as quoted by Barb Dijker in "Managing Support Staff", LISA '97)
