Firewall Wizards mailing list archives
Re: RE: IDS (was: FW appliance comparison)
From: ArkanoiD <ark () eltex net>
Date: Tue, 24 Jan 2006 17:11:24 +0300
nuqneH,

Not really the same. IDS may find some unexpected behavior originating from inside that simply does not reach the firewall. Say, a trojaned laptop computer may scan internal network resources and send results out via innocent-looking email (or even do it via a different channel), how can you detect this? (Well, we all know this should not happen because no notebooks should be allowed in unrestricted, but still it does.)

So there is still some use for IDS. Another possible application is detecting break-in attempts in the DMZ, though responding to those is damn boring. A hybrid host-network system helps much and even the odious "signature base" is very useful to know exactly what happens ;-)

On Tue, Jan 24, 2006 at 02:27:15PM +0100, Patrick M. Hausen wrote:
> Hi, all!
>
> On Tue, Jan 24, 2006 at 11:38:52AM +0700, Ben Nagy wrote:
>
>> What's your preferred method for noticing this stuff? (I'm certainly not being sarcastic here)
>
> Your firewall doesn't trigger an alarm for every event that's denied by policy?
>
> That's the main reason why I don't like IDSs. A default deny policy combined with "log everything" achieves just the same.
>
> I concede there are nice UIs that let you do convenient analysis and statistics - more often or better on IDS products than on your common firewall. But it's the vendors that are to blame here. Why not put the same effort into the firewall products?
>
> Why bother if you can sell another box instead? Dunno.
>
> Regards,
> Patrick
> --
> punkt.de GmbH Internet - Dienstleistungen - Beratung
> Vorholzstr. 25 Tel. 0721 9109 -0 Fax: -100
> 76137 Karlsruhe http://punkt.de
> _______________________________________________
> firewall-wizards mailing list
> firewall-wizards () honor icsalabs com
> http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
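The internal-scan case raised in the message above, sketched as detection logic; this is an added example, not part of the original message or thread. It assumes flow records from an internal sensor as `(timestamp, src, dst, dport)` tuples, `10.0.0.0/8` as the internal range, and illustrative window and threshold values; all sample data is constructed.

```python
import ipaddress
from collections import defaultdict, deque

INTERNAL = ipaddress.ip_network("10.0.0.0/8")  # assumed internal address range

def is_internal(ip):
    return ipaddress.ip_address(ip) in INTERNAL

def internal_scanners(flows, window=60, threshold=10):
    """Return {src: peak count of distinct (dst, port) targets seen within
    `window` seconds} for internal hosts whose east-west fan-out reaches
    `threshold`. Only internal-to-internal flows are counted, i.e. the
    traffic a perimeter firewall's deny log never records."""
    recent = defaultdict(deque)   # src -> (ts, dst, port) inside the window
    peak = defaultdict(int)
    for ts, src, dst, port in sorted(flows):
        if not (is_internal(src) and is_internal(dst)):
            continue              # crosses the perimeter; firewall logs cover it
        q = recent[src]
        q.append((ts, dst, port))
        while q and ts - q[0][0] > window:
            q.popleft()           # expire entries older than the window
        peak[src] = max(peak[src], len({(d, p) for _, d, p in q}))
    return {s: n for s, n in peak.items() if n >= threshold}

def sample_flows():
    """Constructed sample data: one sweeping laptop, one ordinary workstation."""
    flows = []
    # Laptop touches port 445 on 20 different internal hosts in 20 seconds.
    for i in range(20):
        flows.append((100 + i, "10.1.5.23", f"10.1.9.{i + 1}", 445))
    # Workstation talks to the same three servers over several minutes.
    for i in range(30):
        flows.append((100 + i * 10, "10.1.5.40", f"10.1.9.{i % 3 + 1}", 443))
    # Outbound mail from the laptop: the only flow the firewall would see.
    flows.append((130, "10.1.5.23", "203.0.113.25", 25))
    return flows

if __name__ == "__main__":
    for src, n in internal_scanners(sample_flows()).items():
        print(f"{src}: {n} distinct internal targets within 60s")
```

In the sample, the firewall sees a single permitted SMTP connection from the laptop, while the internal sensor flags it for its fan-out across the internal range.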