IDS is Intrussion Detection System. Network based IDS include
things like logging of packet filters on firewalls and routers,
etc. Host based IDS include things like tripwire, swatch, etc.
-Rich
______________________________ Reply Separator _________________________________
Subject: RE: Response to hack attempt?
Author: Derek Martin <[EMAIL PROTECTED]> at Internet
Date: 7/19/99 6:21 PM
On Mon, 19 Jul 1999, Larry Chin wrote:
> - Set up a good router/bastion/router firewall.
> - Use a network based IDS system ( preferably ) inside and outside your
> firewall
> - Use host based IDS ( tripwire or some such ) on your hosts
> - Use swatch or some such to keep an eye on your log files
> - Make sure you have good backups - just in case ( I once had a hacker
> wipe a machine on his way "out" )
> - Make all your hosts as secure as possible without making them unuseable
> ( probably easier to do with *NIX as opposed to a M$ OS )
I agree with everything you say in your message, but I would like to
suggest that you take care in using TLA's (three-letter acronyms) when
making posts such as this... Typically the people who are most interested
in reading this type of post are the complete newbies, as well as the
less-experienced. Both groups are relatively unlikely to know what your
TLA's stand for.
I myself have some experience with security and firewalls (but I'm
admittedly no expert), and though I can infer the gist of it from context,
I still don't know to what you are referring when you use IDS, so I would
not be surprised if the person you were replying to doesn't either.
Thanks!
--
Derek D. Martin | UNIX System Administrator
[EMAIL PROTECTED] | [EMAIL PROTECTED]
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
