Snort mailing list archives
Re: Snort with IPSec
From: Frank Knobbe <frank () knobbe us>
Date: Wed, 05 Nov 2003 00:21:31 -0600
On Tue, 2003-11-04 at 13:02, Josh Berry wrote:
I understand the overhead and difficulty. I just want to know if it is technically feasible. The reason I am asking is that one of the directors where I work is considering implementing site wide IPSec encryption for every connection on the internal network. This will make internal attacks impossible to see, therefore I cannot just sit the IDS behind the VPN because essentially the whole network will be one big VPN.
What is the reason/business case behind this? Do the benefits you gain really outweigh the drawbacks? Curious, Frank
Attachment:
signature.asc
Description: This is a digitally signed message part
Current thread:
- Snort with IPSec Josh Berry (Nov 04)
- Re: Snort with IPSec Chris Green (Nov 04)
- Re: Snort with IPSec Josh Berry (Nov 04)
- Re: Snort with IPSec Frank Knobbe (Nov 04)
- Re: Snort with IPSec Josh Berry (Nov 05)
- Re: Snort with IPSec Ravi Kumar (Nov 05)
- Re: Snort with IPSec Josh Berry (Nov 04)
- Re: Snort with IPSec Chris Green (Nov 04)
- Message not available
- Re: Snort with IPSec Matt Kettler (Nov 04)
- <Possible follow-ups>
- RE: Snort with IPSec O'Flynn, Derek (Nov 04)
- Re: Snort with IPSec Mark . Schutzmann (Nov 04)
- Re: Snort with IPSec Josh Berry (Nov 04)
- Re: Snort with IPSec Jason Haar (Nov 04)
- Re: Snort with IPSec Josh Berry (Nov 04)