Firewall Wizards mailing list archives
Re: The devil's in the details
From: Lance Spitzner <spitzner () dimension net>
Date: Wed, 14 Jul 1999 11:49:24 -0400 (EDT)
On Tue, 13 Jul 1999, David Lang wrote:
I am in a similar situation and decided that the only way to do IDS was to bite the bullet and put host-based IDS on each of my internal servers. This will not protect one desktop from being hacked by another, but will protect my servers (and yes it can get VERY expensive).
You can do simple IDS with your firewall. Since all traffic goes through there (assumption), this is a good place to start. You can't fire up a serious IDS system, such as NFR or Real Secure, because of performance and potential security issues (the less on the FW, the better). However, you can set up basic FW rules and/or log filters that detect port scans and network sweeps. This won't catch everybody, but it is a great place to start. If nothing else, show management all the scans/sweeps you are detecting to validate the need ($$$) for a real IDS system. I've had great success doing this with FW-1.

Lance Spitzner
http://www.enteract.com/~lspitz/papers.html
Internetworking & Security Engineer
Dimension Enterprises Inc
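Added example, not part of the original message and not FW-1's own configuration or log format: a minimal log filter of the kind described above, flagging one source that hits many ports on one host (port scan) or one port across many hosts (network sweep). The log line layout, the 60-second window, the threshold of 5 and all addresses are constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

WINDOW = timedelta(seconds=60)   # assumed look-back window
THRESHOLD = 5                    # assumed: distinct ports (scan) or hosts (sweep)

def _line(sec, action, src, dst, port):
    # Constructed log format: "<ISO time> <action> <src> <dst> <dst_port>"
    return f"1999-07-14T11:{sec // 60:02d}:{sec % 60:02d} {action} {src} {dst} {port}"

# Constructed sample log (documentation-range source addresses)
SAMPLE_LOG = "\n".join(
    [_line(i, "drop", "192.0.2.10", "10.0.0.5", p) for i, p in enumerate([21, 23, 25, 80, 110])]
    + [_line(10 + i, "drop", "198.51.100.7", f"10.0.0.{i + 1}", 23) for i in range(5)]
    # Slow prober: one port every 90 s, never reaches the threshold in a window
    + [_line(90 * i, "drop", "203.0.113.9", "10.0.0.8", 1000 + i) for i in range(5)]
    + [_line(30, "accept", "10.0.0.20", "10.0.0.5", 80)]
)

def detect(log_text, window=WINDOW, threshold=THRESHOLD):
    """Return {(kind, src, target)} for sources whose dropped packets look like a scan or sweep."""
    by_src = defaultdict(list)
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts, action, src, dst, port = line.split()
        if action == "drop":                      # only denied traffic is of interest
            by_src[src].append((datetime.fromisoformat(ts), dst, int(port)))
    findings = set()
    for src, events in by_src.items():
        events.sort()
        start = 0
        for end in range(len(events)):
            while events[end][0] - events[start][0] > window:
                start += 1                        # slide the window forward
            ports_by_dst, dsts_by_port = defaultdict(set), defaultdict(set)
            for _, dst, port in events[start:end + 1]:
                ports_by_dst[dst].add(port)
                dsts_by_port[port].add(dst)
            findings |= {("port_scan", src, d) for d, p in ports_by_dst.items() if len(p) >= threshold}
            findings |= {("network_sweep", src, str(p)) for p, d in dsts_by_port.items() if len(d) >= threshold}
    return findings

if __name__ == "__main__":
    for finding in sorted(detect(SAMPLE_LOG)):
        print(finding)
```

The slow prober in the sample goes unreported at the 60-second window, which is the "won't catch everybody" limit in practice; widening the window catches it at the cost of more state and more false positives.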