When I think about IDS'ing an internal network it isn't because I think all
my employees are untrustworthy. I want an internal IDS for two reasons: 1.
I don't know every employee in the company and someone somewhere probably
has enough knowledge and a chip on his shoulder to make my life miserable
and 2. if someone makes it through my external IDS and firewall, I want to
know what they are doing on my internal net. The internal IDS will allow it.
It only takes one pissed off employee to break into a system, and since
they already have authorized access to a lot of things, it makes their job
easier and our job more difficult. It's just another tool for the job.
Phil
>Oh and by the way, holding a gun to someone, is not an analogy of network
>security. We are not threatening employees. We are an enabler not a
>disabler. Our job is to protect their interests, not frighten them. This
>is not an issue that you are wrong. You do not have to IDS your internal
>net. It is simply added security. If it is a cost issue, then you simply
>document that and get sign-off on that decision.
================================================================================
To unsubscribe from this mailing list, please see the instructions at
http://www.checkpoint.com/services/mailing.html
================================================================================