From: "Steve Bremer" <[EMAIL PROTECTED]>
> tri-homed firewall, more so if you have IDS sensors at exterior, dmz,
> and interior, and the time to monitor them.

Changing subjects a little bit here.  I agree with your IDS comment,
but I'm curious about how your external IDS is used.

I've run into differing opinions on this (as I do with most things
security related ;-), but I don't think that I would want the external
IDS monitoring incoming traffic.  Why?  Because it would be going
off all the time.  As many times as we're probed during the day, the
IDS sensor would be in a constant state of sending alerts.  Yes, you
could adjust the rules to reduce this, but then what is the point of
having the IDS sensor there?  However, I believe the external IDS
sensor should be there to monitor traffic leaving your external
firewall so you can see if one of your internal or DMZ hosts has
been compromised.

What do you think?

Well, I think the idea is that if you start seeing funny stuff in your dmz or lan you can track it back to the exterior and pick up some extra info. Also, this can give you a good record of the types of badness out there, makes for impressive reports to management when you're asking for more budget. "You see, I told you we were living in a warzone."


Chris Berry
[EMAIL PROTECTED]
Systems Administrator
JM Associates

"Within every man beats a heart of darkness." --The Shadow
