Taking a broader view, security is comprised of a number of components, as you well know, from administering the operating system, the users, et al. I see network access security as an insurance policy, a policy that protects the hardware, software, and information assets of the company behind the firewall. Is it worth the cost? Management must determine how much the assets protected are worth.
In terms of network access security, and in my view, there are four main components:

1. Written Policies
2. Firewall (implements the written policies)
3. Intrusion Detection (monitors the open ports)
4. Content monitoring or vectoring (anti-virus, HTTP, etc.)
Every rule that opens a port is actually opening a hole, one that can be used for hacking. Nmap can be used to get through the firewall on a known open port and port scan a box behind the firewall. And that's where IDS comes in. IDS helps me be reasonably certain that the "holes" opened in the firewall for traffic are secured by IDS.
In support of this, one of our subnets was scanned recently using port 80 (HTTP). The firewall would have let it go through, but the IDS caught what was happening and instructed the firewall to issue a block on the incoming address.
David C. Diemer, CCSA, CNE
Enterprise Security Firewall Engineer
Georgia Department of Administrative Services (DOAS)
[email protected]
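The scenario in the post above, one source sweeping a subnet on the permitted port 80 and the IDS handing the firewall a block, as an added example (editor's code, not from the list or from any Check Point or RealSecure product). The log format and the sample lines are constructed; thresholds are assumptions.

```python
"""Detect a port sweep in firewall accept logs and emit block decisions.

Constructed log format (assumption): "<ISO-time> accept tcp <src> -> <dst>:<dport>"
A source that reaches MIN_HOSTS distinct destinations on one port inside
WINDOW is treated as scanning, even though every connection was permitted.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta

LOG_RE = re.compile(r"^(\S+) (\w+) tcp (\S+) -> (\S+):(\d+)$")
WINDOW = timedelta(seconds=60)   # assumed sliding window
MIN_HOSTS = 5                    # assumed distinct-host threshold


def parse_line(line):
    """Return (ts, action, src, dst, dport) or None for an unparsable line."""
    m = LOG_RE.match(line.strip())
    if not m:
        return None
    ts, action, src, dst, dport = m.groups()
    return datetime.fromisoformat(ts), action, src, dst, int(dport)


def find_scanners(lines, window=WINDOW, min_hosts=MIN_HOSTS):
    """Map each flagged source to the set of hosts it touched on one port."""
    recent = defaultdict(list)   # (src, dport) -> [(ts, dst), ...] in window
    flagged = {}
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        ts, _action, src, dst, dport = rec
        events = recent[(src, dport)]
        events.append((ts, dst))
        while events and ts - events[0][0] > window:   # expire old events
            events.pop(0)
        hosts = {d for _, d in events}
        if len(hosts) >= min_hosts:
            flagged.setdefault(src, set()).update(hosts)
    return flagged


def block_rules(flagged):
    """Render the block actions the IDS would hand to the firewall (generic form)."""
    return [f"block from {src}" for src in sorted(flagged)]


# Constructed sample: a normal client hits one web server twice, while
# 203.0.113.7 walks 192.0.2.10 through .15 on port 80 within 12 seconds.
SAMPLE_LOG = ["2000-11-28T10:00:00 accept tcp 198.51.100.4 -> 192.0.2.10:80",
              "2000-11-28T10:00:30 accept tcp 198.51.100.4 -> 192.0.2.10:80"]
SAMPLE_LOG += [f"2000-11-28T10:00:{2 * i:02d} accept tcp 203.0.113.7 -> 192.0.2.{10 + i}:80"
               for i in range(6)]

if __name__ == "__main__":
    print(block_rules(find_scanners(SAMPLE_LOG)))
```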
>>> <[email protected]> 11/28/00 10:49AM >>>

We have one here, and it's quite informative. Whether or not it's worth the $$$ that it cost is debatable, but you do get a clear indication of who is trying what, and it provides a bit of ammo for beating web/DNS server admins over the head with respect to patch levels when you can demonstrate that people are actually looking for exploits. We hope to be getting some Nokia RealSecure boxes to play with early next year, which are probably as low-hassle as you'd get. It did take a while to get an appropriate level of reporting in place. As with all tools that log information, too much and it ceases to be useful, too little and you're no better off than before. On a different note, and one that as a contractor is quite important to me, is that it's another skill to have, and as such is valuable as long as there is a "perceived" benefit to IDS packages. Perhaps not quite what you had in mind, but my $0.02.

[email protected]@lists.us.checkpoint.com on 28/11/2000 13:45:05
Sent by: [email protected]
To: [email protected]
cc:
Subject: [FW1] intrusion detection - benefits?
Greetings: I have this question that I would like the community to give me their .02 worth on. In an arena running Checkpoint (whatever flavor), is it really worth the time, expense, and possible network performance compromises to put a separate intrusion detection appliance online in front of the firewall? I understand that there are tons of "well, you could..", but what I am really after is "your" opinion. Would you, as the FW admin/engineer, do it? Obviously I am looking for some backup here as I am having an intrusion detection package rammed down my throat, and frankly, I don't want it. But my only defense at this point is that "it is something more to manage". Thanks to all in advance!!!

Tom
To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html