NETWORK PRESENCE ABOUT SERVICES PRODUCTS TRAINING CONTACT US SEARCH SUPPORT
 


Search
display results
words begin  exact words  any words part 
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [FW1] intrusion detection - benifits?


Tom,
I presume you're talking about Network based IDS. I'd say there's little point in having this without some form of Server or log based IDS involving file baselining, otherwise even if you detect suspicious network traffic, you can never be sure of tampering on the servers themselves. That would be the first step I'd advise taking. The second thing I'd ask is what traffic is allowed in through the Firewall and is it possible to exploit the applications that are available as a result ? This is the only traffic you have to worry about if you trust your Firewall software and your configuration of it.

My .02's worth

Seb

At 11:21 28/11/2000 -0500, you wrote:

Tom,

I personally don't see the real need to have IDS running outside the Firewall, I would have it running INSIDE the Firewall for the overly paranoid folks. It gives you a little more peace of mind.

Scott


From: "Pellowski, Tom" <[email protected]>
To: "fw-1-mailinglist@lists. us. checkpoint. com (E-mail)"
<[email protected]>
Subject: [FW1] intrusion detection - benifits?
Date: Tue, 28 Nov 2000 08:45:05 -0500


Greetings:

I have this question that I would like the community to give me their .02
worth.

In an arena running Checkpoint (whatever flavor) is it really worth the
time, expense, and possible network performance compromises to put a
separate intrusion detection appliance online in front of the firewall?

I understand that there are tons of "well, you could.." but what I am really
after is "your" opinion. Would you, as the FW admin/engineer, do it.

Obivously I am looking for some backup here as I am having a intrusion
detection package rammed down my throat, and frankly, I don't want it. But
my only defense at this point is that "is something more to manage".

Thanks to all in advance!!!

Tom




================================================================================
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
================================================================================


_____________________________________________________________________________________
Get more from the Web.  FREE MSN Explorer download : http://explorer.msn.com



================================================================================
    To unsubscribe from this mailing list, please see the instructions at
              http://www.checkpoint.com/services/mailing.html
================================================================================




================================================================================
    To unsubscribe from this mailing list, please see the instructions at
              http://www.checkpoint.com/services/mailing.html
================================================================================


  
----------------------------------

ABOUT SERVICES PRODUCTS TRAINING CONTACT US SEARCH SUPPORT SITE MAP LEGAL
   All contents © 2004 Network Presence, LLC. All rights reserved.