Re: (no subject)

["R. DuFresne" <dufresne () sysinfo com>]

We do that here with the same OS, but, also run IDS on the inside, to see
if what is tossed at us makes it past the FW.  But, the point of IDs in
front is merely to see what kind of things are being tossed upfront, what
new toys are being used and all.  If there's to be only one IDS system,
I'd prefer it behind the FW to make sure it remains a silent device,
catching nothing from a well honed FW upfront.  Remember an IDS up front
is going to be a noisy beast.

Thanks,

Ron DuFresne


On Fri, 5 Jan 2001 vonkie () gmx net wrote:

> Hi there,
>
> very informative list here and I can say I actually learned something (I
> didn't know that much to start with ;-) ).
>
> My question is, if it is possible to setup a firewall and IDS on one
> machine, side by side?
>
> The reason I'm asking is, that there are only 4 computers on my personal
> network, so it would be sort off an overkill to place another one on it.
>
> I tried to put an IDS between my internetconnection and firewall to see
> what is being thrown at me, but the only thing I'm able to do is let the
> IDS
> see the traffic _after_ it passed the firewall.
>
> I understand that this has value as well, since it intercepts attacks
> where the firewall didn't, but I'd like to set it up before the firewall.
>
> Is this possible (and wise?) on one machine (running linux, kernel 2.2.x)
>
> TIA
>
> Ruud

-- 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
        admin & senior consultant:  darkstar.sysinfo.com
                  http://darkstar.sysinfo.com

"Cutting the space budget really restores my faith in humanity.  It
eliminates dreams, goals, and ideals and lets us get straight to the
business of hate, debauchery, and self-annihilation."
                -- Johnny Hart

testing, only testing, and damn good at it too!


_______________________________________________
firewall-wizards mailing list
firewall-wizards () nfr com
http://www.nfr.com/mailman/listinfo/firewall-wizards