[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] RE: [FW1] intrusion detection - benifits?
We install a LOT of IDS, and the payback is clear. The customers we have that use and understand IDS suffer a significant number less intrusions, and are painfully aware of many attempts. The IDS we use integrates with CheckPoints SAMP (Suspicious Activity Monitoring Protocol). This allows you to block the script kiddies from further penetration activity. It also makes the job of sploiting a particular box nerve racking at the least.. There are some configuration issues that you might face unless you enlist the help of someone knowledgeable with IDS eg: You need to set up filtering so that an IP spoofing attack doesnt block access to a critical resource.. Think about it. My stance if I were in your place would be not to let a particular IDS be shoved down your throat. You seem rather resentful towards the idea, since it wasnt your idea, I dont blame you. Look for the features such as SAMP, the ability to compose attack signatures, etc.. I would guess if you think this through, and look at it as a positive (Youll be able to mostly see what the hell is going on), and get the features you need you will realize that IDS will make your life easier. Frank -----Original Message----- From: Jon Vandiveer [mailto:[email protected]] Sent: Tuesday, November 28, 2000 5:25 PM To: [email protected]; [email protected] Subject: Re: [FW1] intrusion detection - benifits? Hi Tom, Placing IDS inside of you LAN is a good idea, but ignoring the outside is a particularly BAD idea. It is akin to letting anyone sit out in your frontyard and look for moments of opportunity without any protection. That's why people have security guards and cameras watching the OUTSIDE of their buildings. Of course you always need to balance your need vs. your budget vs. your return on investment. It is really worth it for YOUR company ? Jon Date: Tue, 28 Nov 2000 11:21:13 -0500 From: "Scott Murray" <[email protected]> Subject: Re: [FW1] intrusion detection - benefits? Tom, I personally don't see the real need to have IDS running outside the Firewall, I would have it running INSIDE the Firewall for the overly paranoid folks. It gives you a little more peace of mind. Scott >From: "Pellowski, Tom" <[email protected]> >To: "fw-1-mailinglist@lists. us. checkpoint. com (E-mail)" ><[email protected]> >Subject: [FW1] intrusion detection - benifits? >Date: Tue, 28 Nov 2000 08:45:05 -0500 > > >Greetings: > >I have this question that I would like the community to give me their .02 >worth. > >In an arena running Checkpoint (whatever flavor) is it really worth the >time, expense, and possible network performance compromises to put a >separate intrusion detection appliance online in front of the firewall? > >I understand that there are tons of "well, you could.." but what I am >really >after is "your" opinion. Would you, as the FW admin/engineer, do it. > >Obviously I am looking for some backup here as I am having a intrusion >detection package rammed down my throat, and frankly, I don't want it. But >my only defense at this point is that "is something more to manage". > >Thanks to all in advance!!! > >Tom ================================================================================ To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================================================
|