Firewall Wizards mailing list archives

Re: FW appliance comparison - Seeking input for the forum


From: david_harris () arnotts com
Date: Fri, 20 Jan 2006 15:43:33 +1100

On Wed, 18 Jan 2006, sai wrote:

on firewall if you really want all-in-one boxes. Why would you want an
IDS on the same machine as a firewall? It's not going to work. It will
not have enough signatures to give you the sort of security you need.

[What the heck, no interesting debate in a while...]

I think there's a bigger question: "why would you want an IDS?"  AFAICT,
IDSs are only good for (a) stopping stuff your firewall rules should
already stop or (b) stopping known-bad stuff you have to let in that
almost always has patches or work-arounds and (c) if you're regulated
into them (i.e. HIPAA).

I think it should be reiterated that the D in IDS is 'Detection'. A lot of
people are using this term very loosely of late.

I agree that IDS is a waste of time except if you need to provide glossy
feel-good reports to mgmt. Then they're great!



Since I tend to preach good firewall rulesets and strengthening the
obvious vectors with good patching/strong configuration, I really fail to
see situations where "If only we'd had an IDS/IPS" is the mantra rather
than "if only we'd patched/filtered" being an altogether better mantra.

Maybe someone hitting the IDS pipe can come up with some good examples of
when just doing the right thing wouldn't have stopped whatever it is that
is known enough for signatures but not enough for configuring or
patching...

Paul

-----------------------------------------------------------------------------

Paul D. Robertson      "My statements in this message are personal opinions
paul () compuwar net       which may have no basis whatsoever in fact."
http://fora.compuwar.net      Infosec discussion boards

_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
