[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] Re: [FW1] intrusion detection - benifits?
Per CISSP examination textbook Volume I: Theory pg. 18 The objective of variance detection is to allow management to detect and react to departures from established rules. It can be a very useful technique to encourage general awareness of security and to discourage dishonest and abusive employee behavior. This is a summation. There is much more to it. This falls under accountability and auditing requirements. And if you can't believe EVERYTHING you read, what can you believe? ;) ----- Original Message ----- From: "Phillip Renouf" <[email protected]> To: "Scott Schindler" <[email protected]> Sent: Wednesday, November 29, 2000 10:45 AM Subject: Re: [FW1] intrusion detection - benifits? > When I think about IDS'ing an internal network it isn't because I think > all > my employee's are untrustworthy. I want an internal IDS for two reasons: > 1. > I don't know every employee in the company and someone somewhere > probably > has enough knowledge and a chip on his shoulder to make my life > miserable > and 2. if someone makes it through my external IDS and firewall, I want > to > know what they are doing on my internal net. The internal IDS will allow > it. > > It only takes one pissed off employee to break into a system, and since > they already have authorized access to a lot of things it make their job > > easier and our job more difficult. It's just another tool for the job. > > Phil > > >Oh and by the way, holding a gun to someone, is not an analogy of > network > >security. We are not threatening employees. We are an enabler not a > >disabler. Our job is to protect their interests, not frighten them. > This > >is not an issue that you are wrong. You do not have to IDS your > internal > >net. It is simply added security. If it is a cost issue, then you > simply > >document that and get sign-off on that decision. > ================================================================================ To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================================================
|