
Re: [FW1] intrusion detection - benefits?



Taking a broader view, security is comprised of a number of components, as
you well know, from administering the operating system, the users, et al.  I
see network access security as an insurance policy, a policy that protects
the hardware, software, and information assets of the company behind the
firewall.  Is it worth the cost?  Management must determine how much the
assets protected are worth.
 
In terms of network access security and in my view, there are four main
components:
 
    1.  Written Policies
    2.  Firewall (implements the written policies)
    3.  Intrusion Detection (monitors the open ports)
    4.  Content monitoring or vectoring (anti-virus, HTTP, etc.)
 
Every rule that opens a port is actually opening a hole, one that can be
used for hacking. Nmap can be used to get through the firewall on a known
open port and port scan a box behind the firewall.  And that's where IDS
comes in.  IDS helps me be reasonably certain that the "holes" opened
in the firewall for traffic are secured by IDS.
 
In support of this, one of our subnets was scanned recently using port
80 (HTTP).  The firewall would have let it go through but the IDS caught
what was happening and instructed the firewall to issue a block on the
incoming address.
 
David C. Diemer, CCSA, CNE
Enterprise Security Firewall Engineer
Georgia Department of Administrative Services (DOAS)
[email protected]
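
The port-80 scan case described above, as an added example that is not part of the original message: every connection matches the firewall's allow rule on its own, so detection has to correlate across connections. The log format, addresses, and thresholds are constructed assumptions.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta


def sample_log():
    """Constructed firewall 'accept' records: time, source, destination, dest port."""
    lines = []
    for i in range(8):
        # One source walking across the subnet on the permitted port.
        lines.append(f"2000-11-28T10:00:{i:02d} 203.0.113.7 10.1.1.{i + 1} 80")
        # An ordinary client that keeps talking to a single web server.
        lines.append(f"2000-11-28T10:00:{i:02d} 198.51.100.20 10.1.1.10 80")
        # A client that reaches many servers, but only one per minute.
        lines.append(f"2000-11-28T10:{i:02d}:30 198.51.100.30 10.1.1.{i + 1} 80")
    return sorted(lines)


def find_sweepers(lines, port=80, window=timedelta(seconds=10), max_hosts=5):
    """Return {source: time} for sources that reach more than max_hosts
    distinct destinations on `port` inside a sliding `window`."""
    recent = defaultdict(deque)  # source -> (time, destination) pairs in window
    to_block = {}
    for line in lines:
        parts = line.split()
        if len(parts) != 4:
            continue  # skip malformed records
        stamp, src, dst, dport = parts
        if int(dport) != port or src in to_block:
            continue
        now = datetime.fromisoformat(stamp)
        seen = recent[src]
        seen.append((now, dst))
        while now - seen[0][0] > window:
            seen.popleft()  # expire connections older than the window
        if len({d for _, d in seen}) > max_hosts:
            to_block[src] = now  # hand this source to the firewall block list
    return to_block


if __name__ == "__main__":
    for src, when in find_sweepers(sample_log()).items():
        print(f"block {src} (sweep detected at {when.isoformat()})")
```

Pushing the resulting addresses to the firewall is product-specific and is left out here.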

>>> <[email protected]> 11/28/00 10:49AM >>>

We have one here, and it's quite informative.  Whether or not it's worth
the $$$ that it cost is debatable, but you do get a clear indication of who
is trying what, and provides a bit of ammo for beating web/DNS server
admins over the head with respect to patch levels when you can demonstrate
that people are actually looking for exploits.  We hope to be getting some
Nokia Realsecure to play with boxes early next year, which are probably as
low-hassle as you'd get.

It did take a while to get an appropriate level of reporting in place.  As
with all tools that log information, too much and it ceases to be useful,
too little and you're no better off than before.

On a different note, and one that as a contractor is quite important to me,
is that it's another skill to have, and as such is valuable as long as there
is a "perceived" benefit to IDS packages.

Perhaps not quite what you had in mind, but my $0.02






[email protected]@lists.us.checkpoint.com on 28/11/2000 13:45:05

Sent by:  [email protected]


To:   [email protected]
cc:
Subject:  [FW1] intrusion detection - benefits?



Greetings:

I have this question that I would like the community to give me their .02
worth.

In an arena running Checkpoint (whatever flavor) is it really worth the
time, expense, and possible network performance compromises to put a
separate intrusion detection appliance online in front of the firewall?

I understand that there are tons of "well, you could.." but what I am
really after is "your" opinion. Would you, as the FW admin/engineer, do it?

Obviously I am looking for some backup here as I am having an intrusion
detection package rammed down my throat, and frankly, I don't want it. But
my only defense at this point is that it "is something more to manage".

Thanks to all in advance!!!

Tom




================================================================================

     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
================================================================================



 
   All contents © 2004 Network Presence, LLC. All rights reserved.