Firewall Wizards mailing list archives
Re: Intrusion Prevention Firewall
From: Vern Paxson <vern () icir org>
Date: Wed, 03 Apr 2002 15:11:02 -0800
But beware: as soon as you hook your IDS to an access control mechanism, so that when the IDS detects something it closes off access, what you have just done is build a flaky access control policy. If you thought the costs of managing IDSs were high, wait until you try this :)
The counterpoint: this can be very powerful, depending on your IDS. At LBL, Bro drops various forms of hostile activity automatically, and we find that it makes a *big* difference in lowering the break-in rate (which we know because we see how the rate goes up when the reactive system is turned off).

Vern