Search

	display results
words begin exact words any words part

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: [FW1] intrusion detection - benefits?

To: "'Scott Murray'" <[email protected]>, [email protected], [email protected]
Subject: RE: [FW1] intrusion detection - benefits?
From: "Oxenreider, Jeff" <[email protected]>
Date: Tue, 28 Nov 2000 13:09:42 -0500
Sender: [email protected]

Title: RE: [FW1] intrusion detection - benefits?

I personally have an IDS system outside of my firewall between the firewall and my internet router to watch the things that happen, but don't make it into the network, thanks to my firewall. Based on the reports from this IDS system, I report things like port scans and vulnerability attempts to the offenders ISP so they know that something has possibly been compromised on their system or they are housing a hack of some sort. I have another right inside my firewall, to "keep my firewall honest" and make sure that nothing breeches my security and I run separate IDS systems in each of my vlans and remote networks (one per broadcast domain) since studies that I've heard about but not read state that upwards to 80% of all "intrusion" attempts are from internal employees.

That's how I do my security, ymmv.

Jeffrey A. Oxenreider
Network Security Engineer
Safelite Glass Corp

-----Original Message-----
From: Scott Murray [mailto:[email protected]]
Sent: Tuesday, November 28, 2000 11:21 AM
To: [email protected]; [email protected]
Subject: Re: [FW1] intrusion detection - benifits?

Tom,

I personally don't see the real need to have IDS running outside the
Firewall, I would have it running INSIDE the Firewall for the overly
paranoid folks. It gives you a little more peace of mind.

Scott

>From: "Pellowski, Tom" <[email protected]>
>To: "fw-1-mailinglist@lists. us. checkpoint. com (E-mail)"
><[email protected]>
>Subject: [FW1] intrusion detection - benifits?
>Date: Tue, 28 Nov 2000 08:45:05 -0500
>
>
>Greetings:
>
>I have this question that I would like the community to give me their .02
>worth.
>
>In an arena running Checkpoint (whatever flavor) is it really worth the
>time, expense, and possible network performance compromises to put a
>separate intrusion detection appliance online in front of the firewall?
>
>I understand that there are tons of "well, you could.." but what I am
>really
>after is "your" opinion. Would you, as the FW admin/engineer, do it.
>
>Obivously I am looking for some backup here as I am having a intrusion
>detection package rammed down my throat, and frankly, I don't want it. But
>my only defense at this point is that "is something more to manage".
>
>Thanks to all in advance!!!
>
>Tom
>
>
>
>
>================================================================================
> To unsubscribe from this mailing list, please see the instructions at
> http://www.checkpoint.com/services/mailing.html
>================================================================================

_____________________________________________________________________________________
Get more from the Web. FREE MSN Explorer download : http://explorer.msn.com

================================================================================
To unsubscribe from this mailing list, please see the instructions at
http://www.checkpoint.com/services/mailing.html
================================================================================

Prev by Date: Re: [FW1] URI Resource
Next by Date: Re: [FW1] Solaris and IP-Forwarding
Previous by thread: [FW1] Troubles with upgrading
Next by thread: Réf. : [FW1] Re-installing FW-1 on a new machine
Index(es):
- Date
- Thread