Firewall Wizards mailing list archives

Re: RE: IDS (was: FW appliance comparison)

From: "Patrick M. Hausen" <hausen () punkt de>
Date: Tue, 24 Jan 2006 14:27:15 +0100

Hi, all!

On Tue, Jan 24, 2006 at 11:38:52AM +0700, Ben Nagy wrote:

What's your preferred method for noticing this stuff? (I'm certainly not
being sarcastic here)


Your firewall doesn't trigger an alarm for every event that's
denied by policy?

That's the main reason why I don't like IDSs. A default deny
policy combined with "log everything" achieves just the same.

I concede there are nice UIs that let you do convenient analysis
and statistics - more often or better on IDS products than on
your common firewall. But it's the vendors that are to blame
here. Why not put the same effort into the firewall products?
Why bother if you can sell another box instead? Dunno.

Regards,
Patrick
-- 
punkt.de GmbH         Internet - Dienstleistungen - Beratung
Vorholzstr. 25        Tel. 0721 9109 -0 Fax: -100
76137 Karlsruhe       http://punkt.de
_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards

Current thread:

RE: FW appliance comparison - Seeking input for the forum, (continued)
- - - RE: FW appliance comparison - Seeking input for the forum Paul Melson (Jan 19)
    - Re: FW appliance comparison - Seeking input for the forum Devdas Bhagat (Jan 18)
    - Re: FW appliance comparison - Seeking input for the forum Paul D. Robertson (Jan 18)
    - Re: FW appliance comparison - Seeking input for the forum david_harris (Jan 20)
    - Re: FW appliance comparison - Seeking input for the forum sai (Jan 20)
    - Re: FW appliance comparison - Seeking input for the forum Paul D. Robertson (Jan 20)
    - Re: FW appliance comparison - Seeking input for the forum Devdas Bhagat (Jan 23)
    - Re: FW appliance comparison - Seeking input for the forum Paul D. Robertson (Jan 23)
    - RE: IDS (was: FW appliance comparison) Ben Nagy (Jan 24)
    - Re: RE: IDS Chuck Swiger (Jan 24)
    - Re: RE: IDS (was: FW appliance comparison) Patrick M. Hausen (Jan 24)
    - Re: RE: IDS (was: FW appliance comparison) ArkanoiD (Jan 24)
    - Re: RE: IDS (was: FW appliance comparison) Cat Okita (Jan 24)
    - Re: RE: IDS (was: FW appliance comparison) Paul D. Robertson (Jan 24)
    - Re: RE: IDS (was: FW appliance comparison) Marcus J. Ranum (Jan 24)
    - Re: RE: IDS (was: FW appliance comparison) Cat Okita (Jan 24)
    - Re: RE: IDS (was: FW appliance comparison) Marcus J. Ranum (Jan 24)
    - Re: RE: IDS (was: FW appliance comparison) Cat Okita (Jan 24)
    - Re: RE: IDS (was: FW appliance comparison) Joseph S D Yao (Jan 25)
    - Re: RE: IDS (was: FW appliance comparison) chris (Jan 24)
    - Re: RE: IDS (was: FW appliance comparison) Cat Okita (Jan 25)

(Thread continues...)