RE: [FW1] intrusion detection - benifits?
I felt the same way for a while until I attended one of the SANS intrusion detection conferences. Probably one of the most important concepts they impressed on me is that there is no one solution. Your firewall can't do it all, that is not an opinion, that is a fact.

I have heard different figures on this but 50 - 80% of malicious computer activity comes from inside your network, behind your firewall. An intrusion detection system correctly placed will tell you about this kind of activity.

Another benefit of the one I am using (Shadow) is logging of packet data for specific traffic. Firewall logs only tell you so much and there are definitely times when you want to see the inside of a packet, not just the source and destination. This has been an invaluable tool for me when I am trying to track down some weird traffic and figure out what it is doing.

Lastly, most people have to fight to get this kind of stuff funded. You are getting it without a fight. You might want to grudgingly accept this and try to wrangle something else out of the deal as well. You know, "Well, I'll take your intrusion detection system but to do it right, we have to have this cool reporting tool to go with it."

Hope this helps.

Jim Edwards
Systems Manager
Texas Secretary of State

-----Original Message-----
From: Pellowski, Tom [mailto:[email protected]]
Sent: Tuesday, November 28, 2000 7:45 AM
To: fw-1-mailinglist@lists.us.checkpoint.com (E-mail)
Subject: [FW1] intrusion detection - benifits?

Greetings:

I have this question that I would like the community to give me their .02 worth. In an arena running Checkpoint (whatever flavor) is it really worth the time, expense, and possible network performance compromises to put a separate intrusion detection appliance online in front of the firewall? I understand that there are tons of "well, you could.." but what I am really after is "your" opinion. Would you, as the FW admin/engineer, do it?

Obviously I am looking for some backup here as I am having an intrusion detection package rammed down my throat, and frankly, I don't want it. But my only defense at this point is that "is something more to manage".

Thanks to all in advance!!!

Tom

================================================================================
To unsubscribe from this mailing list, please see the instructions at
http://www.checkpoint.com/services/mailing.html
================================================================================