Firewall Wizards mailing list archives

Re: Intrusion Prevention Firewall


From: Gary Flynn <flynngn () jmu edu>
Date: Wed, 03 Apr 2002 10:33:22 -0500

Crispin Cowan wrote:

> But beware: as soon as you hook your IDS to an access control mechanism,
> so that when the IDS detects something it closes off access, what you
> have just done is build a flakey access control policy. If you thought
> the costs of managing IDSs were high, wait until you try this :)

If someone were foolish enough to blindly tie one of today's full-blown
IDS systems to an access control device I'd agree with you. But surely
there are some IDS signatures that can be trusted to accurately identify
malicious traffic, and only malicious traffic, and therefore be safe
to use to control access. While there may be a much smaller number
of these "reliable" signatures, they may serve to automatically pick off
the low hanging fruit and therefore allow more attention to be paid
elsewhere.

-- 
Gary Flynn
Security Engineer - Technical Services
James Madison University

Please R.U.N.S.A.F.E.
http://www.jmu.edu/computing/runsafe
_______________________________________________
firewall-wizards mailing list
firewall-wizards () nfr com
http://list.nfr.com/mailman/listinfo/firewall-wizards
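
Added example, not part of the original message: one way to act on only the "reliable" subset of signatures discussed above is to pick them from analyst-labelled alert history and send everything else to a human. The signature IDs, the labelled history, the zero-false-positive criterion and the `min_alerts` threshold are all assumptions made for illustration.

```python
from collections import defaultdict

# Constructed, analyst-labelled alert history: (signature_id, was_malicious).
# Signature IDs are hypothetical placeholders, not real IDS rule identifiers.
HISTORY = (
    [("SIG-A", True)] * 40                             # always right
    + [("SIG-B", True)] * 35 + [("SIG-B", False)] * 5  # sometimes wrong
    + [("SIG-C", True)] * 3                            # never wrong, too few samples
)

def reliable_signatures(history, min_alerts=20):
    """Return signatures with enough labelled alerts and zero false positives."""
    total, false_pos = defaultdict(int), defaultdict(int)
    for sig, malicious in history:
        total[sig] += 1
        if not malicious:
            false_pos[sig] += 1
    return {s for s, n in total.items() if n >= min_alerts and false_pos[s] == 0}

def route(alerts, reliable):
    """Split alerts into sources to block automatically and alerts for review."""
    block, review = set(), []
    for alert in alerts:
        if alert["sig"] in reliable:
            block.add(alert["src"])   # trusted signature: safe to act on directly
        else:
            review.append(alert)      # everything else stays with the analyst
    return block, review

# Constructed new alerts; addresses come from the RFC 5737 documentation ranges.
NEW_ALERTS = [
    {"sig": "SIG-A", "src": "192.0.2.10"},
    {"sig": "SIG-B", "src": "198.51.100.7"},
    {"sig": "SIG-C", "src": "203.0.113.5"},
    {"sig": "SIG-A", "src": "192.0.2.10"},
]

if __name__ == "__main__":
    reliable = reliable_signatures(HISTORY)
    block, review = route(NEW_ALERTS, reliable)
    print("auto-block:", sorted(block))
    print("analyst review:", [(a["sig"], a["src"]) for a in review])
```
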

