IDS mailing list archives

RE: IDS interface setup


From: "Miller, Joe" <joe.miller () us mizuho-sc com>
Date: Thu, 3 Apr 2003 10:18:46 -0500


In the process of setting up an IDS box in the DMZ. The box has 3 interfaces. 2 interfaces are to run in promiscuous mode, 1 interface is to be used for management (non-promiscuous mode). The DMZ is sandwiched between firewalls.

Question: What would be more secure, putting the management interface on the internal VLAN, or the DMZ VLAN?

INTERNAL ARGUMENT:
- Someone would have to compromise 2 layers of firewalls to get at the internal interface.
- Betting that the box would not be compromised through promiscuous mode interfaces.
- Problem is if the box is compromised, attacker has access to internal network (although you can limit access by setting ACLs on box, router, etc.)

DMZ ARGUMENT:
- You can perform a stateful inspection of the management interface through the back firewall.
- If the box was compromised, the attacker would not have access to the internal interface.
- Problem is that the management interface is more vulnerable in the DMZ.


I would like to hear your thoughts.

thx.


