Search

	display results
words begin exact words any words part

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [FW1] intrusion detection - benifits?

To: [email protected]
Subject: Re: [FW1] intrusion detection - benifits?
From: [email protected]
Date: Tue, 28 Nov 2000 15:49:33 +0000
Cc: [email protected]
Sender: [email protected]

We have one here, and it's quite informative.  Whether or not it's worth
the $$$ that it cost is debatable, but you do get a clear indication of who
is trying what, and provides a bit of ammo for beating web/DNS server
admins of the head with respect to patch levels when you can demonstrate
that people are actually looking for exploits.  We hope to be getting some
Nokia Realsecure to play with boxes early next year, which are probably as
low-hassle as you'd get.

It did take a while to get an appropriate level of reporting in place.  As
with all tools that log information, too much and is ceases to be useful,
too little and you're no better off than before.

On a different note, and one that as a contractor is quite important to me
is it's another skill to have, and as such is valuable as long as there is
a "perceived" benefit to IDS packages.

Perhaps not quite what you had in mind, but my $0.02






[email protected]@lists.us.checkpoint.com on 28/11/2000 13:45:05

Sent by:  [email protected]


To:   [email protected]
cc:
Subject:  [FW1] intrusion detection - benifits?



Greetings:

I have this question that I would like the community to give me their .02
worth.

In an arena running Checkpoint (whatever flavor) is it really worth the
time, expense, and possible network performance compromises to put a
separate intrusion detection appliance online in front of the firewall?

I understand that there are tons of "well, you could.." but what I am
really
after is "your" opinion. Would you, as the FW admin/engineer, do it.

Obivously I am looking for some backup here as I am having a intrusion
detection package rammed down my throat, and frankly, I don't want it. But
my only defense at this point is that "is something more to manage".

Thanks to all in advance!!!

Tom




================================================================================

     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
================================================================================





================================================================================
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
================================================================================

Prev by Date: RE: [FW1] Penetration Testing/Security Auditing
Next by Date: [FW1] Zip code
Previous by thread: RE: [FW1] intrusion detection - benifits?
Next by thread: Re: [FW1] intrusion detection - benifits?
Index(es):
- Date
- Thread