Firewall Wizards mailing list archives
Re: FW appliance comparison - Seeking input for the forum
From: "Paul D. Robertson" <paul () compuwar net>
Date: Wed, 18 Jan 2006 20:29:27 -0500 (EST)
On Thu, 19 Jan 2006, Devdas Bhagat wrote:
IDS on the same machine as a firewall? It's not going to work. It will not have enough signatures to give you the sort of security you need.

[What the heck, no interesting debate in a while...] I think there's a bigger question "why would you want an IDS?" AFAICT, IDS's are only good for (a) stopping stuff your firewall rules should already stop or (b) stopping known-bad stuff you have to let in that almost always have patches or work-arounds and (c) if you're regulated into them (i.e. HIPAA.)

An IDS is _not_ an IPS. An IDS monitors your system/network for failures of security systems. It does not interfere with traffic. An IDS helps in quantifying threats as well. "We got $n low threat port scans, $v viruses incoming, $s spam..."

s/stopping/detecting and then allowing you to stop out of band/
An IPS, OTOH, is a proxy with default allow. All your criticisms apply there.

Same pipe, different rocks. ;)

Paul
-----------------------------------------------------------------------------
Paul D. Robertson      "My statements in this message are personal opinions
paul () compuwar net   which may have no basis whatsoever in fact."
http://fora.compuwar.net      Infosec discussion boards