[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] RE: [FW1] intrusion detection - benifits?
I think we have beaten this thread to death guys and gals. We are all saying the same thing. IDS inside good. Outside even better. -----Original Message----- From: Chilton Tim [mailto:[email protected]] Sent: Thursday, November 30, 2000 4:42 AM To: Pellowski, Tom; [email protected] Subject: RE: [FW1] intrusion detection - benifits? Something useful without having to justify it - wow ! - Take it before they change their minds! IDS's are great and have provided me with useful information on many ocasions. If it's outside your firewall then you can see whats trying to come in, what the bad guys on the inside and outside are trying to do to others on the Internet - so you can report attacks to abuse@the_hackers_isp or break some fingers internally. I also like IDS's on the internal segmenets since hackers have day-time jobs too and you probably employ a couple of them. You may also want to think about how you will diagnose a problem if something does DoS/Penetrate the firewall or a host in your DMZ. If it's logged then you know where to start, the type of attack and therefore how to protect aginst it - you will therefore also see more of your wife and kids. Product wise - pick what works for you. Cheers Tim -----Original Message----- From: Pellowski, Tom [mailto:[email protected]] Sent: 28 November 2000 13:45 To: fw-1-mailinglist@lists. us. checkpoint. com (E-mail) Subject: [FW1] intrusion detection - benifits? Greetings: I have this question that I would like the community to give me their .02 worth. In an arena running Checkpoint (whatever flavor) is it really worth the time, expense, and possible network performance compromises to put a separate intrusion detection appliance online in front of the firewall? I understand that there are tons of "well, you could.." but what I am really after is "your" opinion. Would you, as the FW admin/engineer, do it. Obivously I am looking for some backup here as I am having a intrusion detection package rammed down my throat, and frankly, I don't want it. But my only defense at this point is that "is something more to manage". Thanks to all in advance!!! Tom ============================================================================ ==== To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ============================================================================ ==== ************************************************************************ The information in this email is confidential and is intended solely for the addressee(s). Access to this email by anyone else is unauthorised. If you are not an intended recipient, you must not read, use or disseminate the information contained in the email. Any views expressed in this message are those of the individual sender, except where the sender specifically states them to be the views of The Capital Markets Company. http://www.capco.com *********************************************************************** ============================================================================ ==== To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ============================================================================ ==== ================================================================================ To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================================================
|