NETWORK PRESENCE ABOUT SERVICES PRODUCTS TRAINING CONTACT US SEARCH SUPPORT
 


Search
display results
words begin  exact words  any words part 

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [FW1] intrusion detection - benifits?



Per CISSP examination textbook  Volume I: Theory  pg. 18

The objective of variance detection is to allow management to detect and
react to departures from established rules.  It can be a very useful
technique to encourage general awareness of security and to discourage
dishonest and abusive employee behavior.

This is a summation.  There is much more to it.  This falls under
accountability and auditing requirements.
And if you can't believe EVERYTHING you read, what can you believe?  ;)

----- Original Message -----
From: "Phillip Renouf" <[email protected]>
To: "Scott Schindler" <[email protected]>
Sent: Wednesday, November 29, 2000 10:45 AM
Subject: Re: [FW1] intrusion detection - benifits?


> When I think about IDS'ing an internal network it isn't because I think
> all
> my employee's are untrustworthy. I want an internal IDS for two reasons:
> 1.
> I don't know every employee in the company and someone somewhere
> probably
> has enough knowledge and a chip on his shoulder to make my life
> miserable
> and 2. if someone makes it through my external IDS and firewall, I want
> to
> know what they are doing on my internal net. The internal IDS will allow
> it.
>
> It only takes one pissed off employee to break into a system, and since
> they already have authorized access to a lot of things it make their job
>
> easier and our job more difficult. It's just another tool for the job.
>
> Phil
>
> >Oh and by the way, holding a gun to someone, is not an analogy of
> network
> >security.  We are not threatening employees.  We are an enabler not a
> >disabler.  Our job is to protect their interests, not frighten them.
> This
> >is not an issue that you are wrong.  You do not have to IDS your
> internal
> >net.  It is simply added security.  If it is a cost issue, then you
> simply
> >document that and get sign-off on that decision.
>


================================================================================
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
================================================================================



 
----------------------------------

ABOUT SERVICES PRODUCTS TRAINING CONTACT US SEARCH SUPPORT SITE MAP LEGAL
   All contents © 2004 Network Presence, LLC. All rights reserved.