|
|
|
|
|
|
|
|
 |
 |
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] Re: [FW1] intrusion detection - benifits?
Umm personally I don't like the ONLY IDS, that is currently OPSEC certified, there are more products out there that have their own benefits. and I have set up my fair share as well (so your not all alone) but you have to take into account NOT everyone needs an IDS system, NOT everyone has deep pockets Do I like IDS, yes. Is there a benefit, yes. is it more overhead to manage, YES Does everyone need it, NO. You wanted an opinion, you got one. Jon ----- Original Message ----- From: "Frank Darden" <[email protected]> To: "'Jon Vandiveer'" <[email protected]>; <[email protected]>; <[email protected]> Sent: Tuesday, November 28, 2000 6:20 PM Subject: RE: [FW1] intrusion detection - benifits? > We install a LOT of IDS, and the payback is clear. The customers we have > that use and understand IDS suffer a significant number less intrusions, and > are painfully aware of many attempts. The IDS we use integrates with > CheckPoints SAMP (Suspicious Activity Monitoring Protocol). This allows you > to block the script kiddies from further penetration activity. It also makes > the job of sploiting a particular box nerve racking at the least.. There are > some configuration issues that you might face unless you enlist the help of > someone knowledgeable with IDS eg: You need to set up filtering so that an > IP spoofing attack doesnt block access to a critical resource.. Think about > it. My stance if I were in your place would be not to let a particular IDS > be shoved down your throat. You seem rather resentful towards the idea, > since it wasnt your idea, I dont blame you. Look for the features such as > SAMP, the ability to compose attack signatures, etc.. I would guess if you > think this through, and look at it as a positive (Youll be able to mostly > see what the hell is going on), and get the features you need you will > realize that IDS will make your life easier. > > Frank > > > -----Original Message----- > From: Jon Vandiveer [mailto:[email protected]] > Sent: Tuesday, November 28, 2000 5:25 PM > To: [email protected]; [email protected] > Subject: Re: [FW1] intrusion detection - benifits? > > > Hi Tom, > Placing IDS inside of you LAN is a good idea, but ignoring the outside is a > particularly BAD idea. > It is akin to letting anyone sit out in your frontyard and look for moments > of opportunity without any protection. That's why people have security > guards and cameras watching the OUTSIDE of their buildings. > > Of course you always need to balance your need vs. your budget vs. your > return on investment. > > It is really worth it for YOUR company ? > > Jon > > > Date: Tue, 28 Nov 2000 11:21:13 -0500 > From: "Scott Murray" <[email protected]> > Subject: Re: [FW1] intrusion detection - benefits? > > Tom, > > I personally don't see the real need to have IDS running outside the > Firewall, I would have it running INSIDE the Firewall for the overly > paranoid folks. It gives you a little more peace of mind. > > Scott > > > >From: "Pellowski, Tom" <[email protected]> > >To: "fw-1-mailinglist@lists. us. checkpoint. com (E-mail)" > ><[email protected]> > >Subject: [FW1] intrusion detection - benifits? > >Date: Tue, 28 Nov 2000 08:45:05 -0500 > > > > > >Greetings: > > > >I have this question that I would like the community to give me their .02 > >worth. > > > >In an arena running Checkpoint (whatever flavor) is it really worth the > >time, expense, and possible network performance compromises to put a > >separate intrusion detection appliance online in front of the firewall? > > > >I understand that there are tons of "well, you could.." but what I am > >really > >after is "your" opinion. Would you, as the FW admin/engineer, do it. > > > >Obviously I am looking for some backup here as I am having a intrusion > >detection package rammed down my throat, and frankly, I don't want it. But > >my only defense at this point is that "is something more to manage". > > > >Thanks to all in advance!!! > > > >Tom > > ================================================================================ To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================================================
|
||||||||||
 |
 |
 |
 |
 |
 |
 |
 |
 |
|
