Firewall Wizards mailing list archives

Re: FW appliance comparison - Seeking input for the forum


From: "Patrick M. Hausen" <hausen () punkt de>
Date: Wed, 18 Jan 2006 19:41:23 +0100

Hi!

On Wed, Jan 18, 2006 at 01:04:45PM +0500, sai wrote:

> Why would you want an
> IDS on the same machine as a firewall? It's not going to work. It will
> not have enough signatures to give you the sort of security you need.

Why would you want a signature based IDS at all? They don't work.
Period. Enumerating badness is a silly idea.

Develop a policy that explicitly defines every kind of network
traffic that is to be allowed to pass your perimeter. Application
X using a "proprietary protocol"? Sorry, not allowed.

Then use a firewall that only passes what is explicitly
allowed and raises an alarm for everything that isn't.
*Boom* as Steve Jobs would probably put it. Instant heuristic
proactive unknown and future attack aware IDS.

BTW:
http://www.ranum.com/security/computer_security/editorials/deepinspect/

HTH,
Patrick
-- 
punkt.de GmbH         Internet - Dienstleistungen - Beratung
Vorholzstr. 25        Tel. 0721 9109 -0 Fax: -100
76137 Karlsruhe       http://punkt.de
_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
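As an added illustration of the default-deny approach Patrick describes (this is example code written for this archive page, not anything from the thread or from punkt.de), the following Python evaluator passes a flow only when an explicit allow rule matches it and raises an alert for everything else, including traffic on unlisted ports such as an application's "proprietary protocol". The rule set, the RFC 5737 documentation addresses and the key=value flow records are all constructed for the example; the `Rule`, `Flow`, `parse_flow`, `evaluate` and `audit` names are the example's own.

```python
"""Default-deny perimeter policy: pass only what is explicitly allowed,
alert on everything else (example code; rules and flows are constructed)."""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class Flow:
    src: str    # source IP
    dst: str    # destination IP
    proto: str  # "tcp", "udp" or "icmp"
    dport: int  # destination port (0 for icmp)


@dataclass(frozen=True)
class Rule:
    name: str
    src: str                 # CIDR the source must fall in
    dst: str                 # CIDR the destination must fall in
    proto: str
    dports: Tuple[int, ...]  # empty tuple = any port (used for icmp)

    def matches(self, flow: Flow) -> bool:
        return (ip_address(flow.src) in ip_network(self.src)
                and ip_address(flow.dst) in ip_network(self.dst)
                and flow.proto == self.proto
                and (not self.dports or flow.dport in self.dports))


# Constructed policy: the complete list of traffic the perimeter may pass.
# Anything not enumerated here is denied and alerted on.
POLICY: List[Rule] = [
    Rule("lan-to-internet-web", "192.0.2.0/24", "0.0.0.0/0", "tcp", (80, 443)),
    Rule("lan-to-resolver-dns", "192.0.2.0/24", "198.51.100.53/32", "udp", (53,)),
    Rule("internet-to-dmz-https", "0.0.0.0/0", "203.0.113.10/32", "tcp", (443,)),
    Rule("lan-ping-dmz", "192.0.2.0/24", "203.0.113.0/24", "icmp", ()),
]


def parse_flow(line: str) -> Flow:
    """Parse a constructed 'src=... dst=... proto=... dport=...' record."""
    fields = dict(part.split("=", 1) for part in line.split())
    return Flow(fields["src"], fields["dst"], fields["proto"].lower(),
                int(fields.get("dport", "0")))


def evaluate(flow: Flow, policy: List[Rule] = POLICY) -> Tuple[str, Optional[str]]:
    """Return ('ALLOW', rule name) for the first matching rule,
    otherwise ('DENY+ALERT', None): the default is deny, and every
    denied flow is an alert, not just a dropped packet."""
    for rule in policy:
        if rule.matches(flow):
            return "ALLOW", rule.name
    return "DENY+ALERT", None


def audit(lines: List[str], policy: List[Rule] = POLICY):
    """Split constructed flow records into allowed flows and alerts."""
    allowed, alerts = [], []
    for line in lines:
        flow = parse_flow(line)
        verdict, name = evaluate(flow, policy)
        (allowed if verdict == "ALLOW" else alerts).append((flow, name))
    return allowed, alerts


# Constructed sample flows: two match the policy, two do not.
SAMPLE_FLOWS = [
    "src=192.0.2.15 dst=93.184.216.34 proto=tcp dport=443",    # LAN web browsing
    "src=192.0.2.15 dst=198.51.100.53 proto=udp dport=53",     # LAN DNS lookup
    "src=192.0.2.15 dst=93.184.216.34 proto=tcp dport=6881",   # unlisted port
    "src=198.51.100.77 dst=203.0.113.10 proto=tcp dport=22",   # SSH to DMZ
]

if __name__ == "__main__":
    ok, bad = audit(SAMPLE_FLOWS)
    for flow, name in ok:
        print(f"ALLOW  {flow} via {name}")
    for flow, _ in bad:
        print(f"ALERT  {flow} matched no allow rule")
```

The point of the structure is that there is no signature to write for the unlisted BitTorrent-style port or for the SSH attempt against the DMZ host: both are flagged simply because no rule enumerates them, which is the "instant IDS" effect the message describes.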

