Re: How should an Internet connection/firewall be designed?

["R. DuFresne" <dufresne () sysinfo com>]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Thu, 18 Jan 2007, Dave Piscitello wrote:

        [SNIP]

> > How many companies still use IDS?
>
> Depends on your use of the word "use" - lots still have IDS and IPS connected 
> to networks. I suspect fewer meaningfully improve their security profile 
> because they have dummied them down, or don't use what they monitor. I'm 
> among the "A properly configured and administered firewall is often as good 
> or better than IDS because it *is* IPS" radicals.


Actually a minor correction or perception here, most implementations of 
IDS systems have traditionally been of no real benefit to an organizations 
security posture, since the vast majority were and remain placed in a poor 
place or position of the security environment to serve any real or 
significant purpose, since the vast majority of these were positioned in 
front of the firewall on the outside of the perimeter of the network. 
Their main purpose being to enhance budgets and head counts.


        [SNIP]

Thanks,

Ron DuFresne
- -- 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         admin & senior security consultant:  sysinfo.com
                         http://sysinfo.com
Key fingerprint = 9401 4B13 B918 164C 647A  E838 B2DF AFCC 94B0 6629

...We waste time looking for the perfect lover
instead of creating the perfect love.

                 -Tom Robbins <Still Life With Woodpecker>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (GNU/Linux)

iD8DBQFFuPZhst+vzJSwZikRAhkVAKDSxgn5nlNVc2cfIZiZZjthoo+DJgCggrI3
FXD/hOeWD5huIGmJXl1BgKg=
=1cHU
-----END PGP SIGNATURE-----
_______________________________________________
firewall-wizards mailing list
firewall-wizards () listserv icsalabs com
https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards