|
|
|
|
|
|
|
|
 |
 |
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] Re: Antwort: [FW1] ISS Real Secure
1) I don't think I would agree with putting the single sensor port in your DMZ. (I hate that term anyway) If you place it there, how will you detect traffic passed from inside network to the outside? or do you guarantee that only your DMZ can access inet? (unlikely in realworld setup) What if you have several seperate DMZ's? I would recommend between inet router and firewall so that the sensor can see ALL traffic from outsiders "unfiltered" and unmangled. 2) remember that the data transmitted from sensor daemon and the master console is encrypted, also the network sensor uses a seperate interface for the IDS function and has no protocols bound. I don't think it will even let you install it without using two interfaces...nevertheless, hardening of the sensor is probably justified considering the nature of the traffic it is capable of scanning and your internal network is not to be blindly trusted. ----- Original Message ----- From: <[email protected]> To: <[email protected]> Sent: Wednesday, May 09, 2001 5:00 AM Subject: Antwort: [FW1] ISS Real Secure > > > > Hi Eliot, > > if you only have one Network Sensor than I would suggest to connect it to the > switch on the DMZ. > Otherwise you might get fired with alarms on your external network :-) > Also, if you have the posibility connect the management port of the sensor to a > separate "admin network" that is only accessible for the administrators > workstation. > > Regards, > Marco > > > > > "Eliot Irons" <[email protected]> am 08.05.2001 15:15:41 > > An: [email protected] > Kopie: (Blindkopie: Marco Rossi/asap) > > Thema: [FW1] ISS Real Secure > > > > > > > > All, > > We are deploying two Checkpoint FW-1 4.1 on Solaris 2.8 with Stonebeat > fullcluster. > > INTERNET > CSU/DSU > ROUTER > FW-1 > ROUTER > CORE SWITCH > > DMZ > > INTERNET > CSU/DSU > ROUTER > FW-1 > ROUTER > CORE SWITCH > > I am trying to find the best place behind the FWs to put a ISS Real Secure > Network Sensor. Any experience someone could share I would appreciate it. > > Eliot Irons > Information Services Security > [email protected] > > > > > This e-mail is confidential. If you are not the intended recipient, you must > not disclose or use the information contained in it. If you have received this > mail in error, please tell us immediately by return e-mail and delete the > document. > > > ================================================================================ > To unsubscribe from this mailing list, please see the instructions at > http://www.checkpoint.com/services/mailing.html > ================================================================================ > > > > > > > > > ================================================================================ > To unsubscribe from this mailing list, please see the instructions at > http://www.checkpoint.com/services/mailing.html > ================================================================================ > > ================================================================================ To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================================================
|
||||||||||
 |
 |
 |
 |
 |
 |
 |
 |
 |
|
