Firewall Wizards mailing list archives
Re: FW appliance comparison - Seeking input for the forum
From: "R. DuFresne" <dufresne () sysinfo com>
Date: Sun, 29 Jan 2006 21:44:21 -0500 (EST)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Wed, 25 Jan 2006, Devdas Bhagat wrote:

> On 23/01/06 18:30 -0500, Paul D. Robertson wrote:
>> On Sun, 22 Jan 2006, Devdas Bhagat wrote:
>>> Isn't auditing against a policy exactly what an IDS is supposed to do?
>>
>> Not that I've ever seen. Everything I've seen says they look for known-bad-stuff and produce alerts and false positives. ;)
>
> <chorus> BOO! </chorus>
>
>>> It also verifies that your security policy has been implemented correctly at the firewall(s).
>>
>> As I said, in an ideal world, sure- however I've yet to see an IDS that really and truly knows how to even express policy, let alone check against it (unless your policy is "no bad stuff the IDS can find!"). Heck, I've yet to see real policy<->firewall rule mapping done in an effective way without a human.
>
> I suspect that my terminology has gotten disconnected from the marketing-driven real world again. To me an IDS is not necessarily something that listens on the network only. Stuff that looks at the integrity of files on hosts, stuff that monitors and analyzes logs is part of the IDS too. The IDS is not a simple, single application, but a set of applications which work together to show the differences between operational and ideal implementations. A NIDS, or a HIDS, is a part of the above, but is definitely not sufficient by itself.
I've seen this offered as a more total solution; LURQH <sp?!> does this as core to their MSSP offering, but I have not seen any IDS/NIDS/HIDS that truly goes that far. Do you have pointers to products that provide log analysis as well as traffic monitoring for anomalies?
Thanks,

Ron DuFresne
- --
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
admin & senior security consultant: sysinfo.com
http://sysinfo.com
Key fingerprint = 9401 4B13 B918 164C 647A E838 B2DF AFCC 94B0 6629

...We waste time looking for the perfect lover
instead of creating the perfect love.
-Tom Robbins <Still Life With Woodpecker>

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)

iD8DBQFD3X2Ist+vzJSwZikRAnjhAKCfPoa2b0JVht/3aY/Oe4IKeVdnngCgrc9s
puMFkJRZORAejuv0kC+05jY=
=Nl2Y
-----END PGP SIGNATURE-----
_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
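The thread above argues over whether "auditing against a policy" (policy-to-firewall-rule mapping, checking the operational ruleset against the ideal one) is something a tool can do without a human. The following is an added example, not code from the list post or from any product named in it: a small audit that takes a declared allow-list policy and an ordered first-match firewall ruleset and reports (a) policy flows the ruleset does not actually permit and (b) accept rules that permit traffic no policy entry approves. The "SRC -> DST proto/port" notation, the policy and rule lists, and the function names are all hypothetical.

```python
"""Added example (not from the original post): audit an ordered,
first-match firewall ruleset against a declared policy of allowed flows.
The flow notation 'SRC -> DST proto/port' is hypothetical."""
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Flow:
    src: ipaddress.IPv4Network
    dst: ipaddress.IPv4Network
    proto: str
    port: int


def parse_flow(text: str) -> Flow:
    """Parse one hypothetical 'SRC -> DST proto/port' line into a Flow."""
    src, arrow, dst, service = text.split()
    if arrow != "->":
        raise ValueError(f"bad flow syntax: {text!r}")
    proto, port = service.split("/")
    return Flow(ipaddress.ip_network(src), ipaddress.ip_network(dst),
                proto.lower(), int(port))


def matches(flow: Flow, rule: Flow) -> bool:
    """True when every packet of `flow` falls inside `rule`
    (source and destination are subnets of the rule's, same proto/port)."""
    return (flow.src.subnet_of(rule.src) and flow.dst.subnet_of(rule.dst)
            and flow.proto == rule.proto and flow.port == rule.port)


def evaluate(flow: Flow, rules) -> str:
    """First-match evaluation with an implicit final drop, the usual
    firewall semantics. `rules` is a list of (action, Flow)."""
    for action, rule in rules:
        if matches(flow, rule):
            return action
    return "drop"


def audit(policy_lines, rule_lines) -> dict:
    """Compare ideal (policy) with operational (ruleset).

    unimplemented:  policy flows the ruleset does not accept
    overpermissive: accept rules not wholly covered by any policy entry
    """
    policy = [parse_flow(p) for p in policy_lines]
    rules = [(action, parse_flow(r)) for action, r in rule_lines]
    unimplemented = [p for p in policy if evaluate(p, rules) != "accept"]
    overpermissive = [r for action, r in rules
                      if action == "accept"
                      and not any(matches(r, p) for p in policy)]
    return {"unimplemented": unimplemented, "overpermissive": overpermissive}


# Constructed sample data; not a real network or ruleset.
POLICY = [
    "10.0.1.0/24 -> 192.168.10.5/32 tcp/443",   # workstations to intranet web
    "10.0.1.0/24 -> 192.168.10.53/32 udp/53",   # workstations to resolver
]
RULES = [
    ("accept", "10.0.1.0/24 -> 192.168.10.5/32 tcp/443"),
    ("accept", "10.0.0.0/16 -> 192.168.10.0/24 tcp/22"),   # nobody approved this
    ("drop",   "10.0.1.0/24 -> 192.168.10.53/32 udp/53"),  # policy says allow
]

if __name__ == "__main__":
    report = audit(POLICY, RULES)
    for f in report["unimplemented"]:
        print("policy flow not permitted by ruleset:", f)
    for f in report["overpermissive"]:
        print("accept rule outside policy:", f)
```

The check is deliberately conservative: an accept rule broader than any single policy entry is flagged even if the union of several entries would cover it, and `evaluate` only sees rules that match a whole policy flow, so a narrower earlier drop (one host out of the /24) is not detected. Those are exactly the places where, as the thread says, a human still has to look.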
Current thread:
- RE: FW appliance comparison - Seeking input for the forum Paul Melson (Feb 01)
- Re: FW appliance comparison - Seeking input for the forum nick leachman (Feb 02)
- RE: FW appliance comparison - Seeking input for the forum Paul Melson (Feb 02)
- RE: FW appliance comparison - Seeking input for the forum Paul Robertson (Feb 02)
- RE: FW appliance comparison - Seeking input for the forum R. DuFresne (Feb 02)
- RE: FW appliance comparison - Seeking input for the forum Paul Melson (Feb 02)
- Re: FW appliance comparison - Seeking input for the forum Dave Piscitello (Feb 02)
- Re: FW appliance comparison - Seeking input for the forum R. DuFresne (Feb 02)
- <Possible follow-ups>
- Re: FW appliance comparison - Seeking input for the forum R. DuFresne (Feb 01)
- Re: FW appliance comparison - Seeking input for the forum Devdas Bhagat (Feb 07)
- Re: FW appliance comparison - Seeking input for the forum ArkanoiD (Feb 02)
- Re: FW appliance comparison - Seeking input for the forum nick leachman (Feb 02)