NETWORK PRESENCE ABOUT SERVICES PRODUCTS TRAINING CONTACT US SEARCH SUPPORT
 


Search
display results
words begin  exact words  any words part 
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[FW1] RE: intrusion detection - benefits

Your response is not uncommon, but the actual recommendation for IDS is a
network sensor on each subnet and interface of the firewall and host IDS on
each server at a minimum.

IDS is 100% necessary.  People, particularly security professionals, should
stop looking as IDS as an "added benefit."  The firewall is 51% of your
perimeter security solution.  The IDS system is 49%.  Security policy,
maintenance, anti-virus, etc. not-withstanding.

If your IDS system cannot auto update your firewall's state table, or you
don't know how to script that capability, then your IDS is the limited
solution that most take it for.

An IDS system is reactionary and that is its limitation, but God does not
make an IDS solution so we must settle for now.

----- Original Message -----
From: "Scott Murray" <[email protected]>
To: <[email protected]>; <[email protected]>
Sent: Tuesday, November 28, 2000 10:21 AM
Subject: Re: [FW1] intrusion detection - benifits?


>
> Tom,
>
> I personally don't see the real need to have IDS running outside the
> Firewall, I would have it running INSIDE the Firewall for the overly
> paranoid folks.  It gives you a little more peace of mind.
>
> Scott
>
>
> >From: "Pellowski, Tom" <[email protected]>
> >To: "fw-1-mailinglist@lists. us. checkpoint. com (E-mail)"
> ><[email protected]>
> >Subject: [FW1] intrusion detection - benifits?
> >Date: Tue, 28 Nov 2000 08:45:05 -0500
> >
> >
> >Greetings:
> >
> >I have this question that I would like the community to give me their
> .02
> >worth.
> >
> >In an arena running Checkpoint (whatever flavor) is it really worth the
> >time, expense, and possible network performance compromises to put a
> >separate intrusion detection appliance online in front of the firewall?
> >
> >I understand that there are tons of "well, you could.." but what I am
> >really
> >after is "your" opinion. Would you, as the FW admin/engineer, do it.
> >
> >Obivously I am looking for some backup here as I am having a intrusion
> >detection package rammed down my throat, and frankly, I don't want it.
> But
> >my only defense at this point is that "is something more to manage".
> >
> >Thanks to all in advance!!!
> >
> >Tom
> >
> >
> >
> >
> >=======================================================================
> =========
> >      To unsubscribe from this mailing list, please see the
> instructions at
> >                http://www.checkpoint.com/services/mailing.html
> >=======================================================================
> =========
>
> ________________________________________________________________________
> _____________
> Get more from the Web.  FREE MSN Explorer download :
> http://explorer.msn.com
>
>
>
> ========================================================================
> ========
>      To unsubscribe from this mailing list, please see the instructions
> at
>                http://www.checkpoint.com/services/mailing.html
> ========================================================================
> ========
Scott Schindler
Enstar Training Manager
"Securing Your e-Business Frontier"


  
----------------------------------

ABOUT SERVICES PRODUCTS TRAINING CONTACT US SEARCH SUPPORT SITE MAP LEGAL
   All contents © 2004 Network Presence, LLC. All rights reserved.