Firewall Wizards mailing list archives

Re: IDS outside of firewall?


From: "Marcus J. Ranum" <mjr () nfr net>
Date: Mon, 03 Aug 1998 22:26:49 -0400

Ryan Russell wrote:
Marcus, you're in a good position to comment...
If I only have budget for one, where's the best
place to put it?

I'd stick it inside, mostly because if it were outside
it'd likely generate too many uninteresting alerts (where
I define "uninteresting alert" as one that notifies you
of an attack launched against your firewall that you
know your firewall can block). I might go further and
configure it to have different alert levels for intrusion
signatures directed against key internal systems (servers
and whatnot) and outgoing through the firewall (naughty
insiders running up the risk of big legal bills).

mjr.
--
Marcus J. Ranum, CEO, Network Flight Recorder, Inc.
work - http://www.nfr.net
home - http://www.clark.net/pub/mjr
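
Added example, not part of the original message or of any NFR product: a sketch of the alert tiering described above, where signature hits the firewall is known to block are set aside and hits against key internal systems or leaving through the firewall get their own levels. The addresses, signature names and level names are all constructed assumptions.

```python
import ipaddress
from collections import Counter

# Everything below is constructed for illustration (assumed addressing plan).
INTERNAL = ipaddress.ip_network("10.0.0.0/8")
FIREWALL = ipaddress.ip_address("192.0.2.1")          # firewall's outside address
KEY_SERVERS = {ipaddress.ip_address(a) for a in ("10.1.1.10", "10.1.1.25")}
# Signatures the firewall policy is known to stop (hypothetical names).
FIREWALL_BLOCKS = {"portscan", "telnet-bruteforce"}


def alert_level(sig, src, dst):
    """Classify one signature match by where it is aimed."""
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    # Attack against the firewall that the firewall can block: not worth a page.
    if dst == FIREWALL and sig in FIREWALL_BLOCKS:
        return "uninteresting"
    # Anything aimed at a key internal system gets its own level.
    if dst in KEY_SERVERS:
        return "key-system"
    # Inside host attacking something outside, i.e. going out through the firewall.
    if src in INTERNAL and dst not in INTERNAL:
        return "outbound"
    return "default"


def triage(alerts):
    """Count alerts per level for a batch of (sig, src, dst) tuples."""
    return Counter(alert_level(*a) for a in alerts)


# Constructed sample alerts: (signature, source, destination).
SAMPLE = [
    ("portscan", "198.51.100.7", "192.0.2.1"),
    ("telnet-bruteforce", "198.51.100.7", "192.0.2.1"),
    ("smtp-exploit", "10.4.2.9", "10.1.1.25"),
    ("smtp-exploit", "10.4.2.9", "203.0.113.50"),
    ("smtp-exploit", "10.4.2.9", "10.4.2.77"),
    ("smtp-exploit", "198.51.100.7", "192.0.2.1"),
]

if __name__ == "__main__":
    for alert in SAMPLE:
        print(f"{alert_level(*alert):14} {alert}")
```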


