IDS mailing list archives
RE: IDS interface setup
From: "Miller, Joe" <joe.miller () us mizuho-sc com>
Date: Thu, 3 Apr 2003 10:18:46 -0500
In the process of setting up a IDS box in the DMZ. The box has 3 interfaces. 2 interfaces are to run in promiscuous mode, 1 interface is to be used for management (non-promiscuous mode). The DMZ is sandwiched between firewalls. Question: What would be more secure, putting the management interface on the internal VLAN, or the DMZ VLAN? INTERNAL ARGUMENT: - Someone would have to compromise 2 layers of firewalls to get at the intenal interface. - Betting that the box would not be compromised through promiscuous mode interfaces. - Problem is if the box is compromised, attacker has access to internal network (although you can limit access by setting ACL's on box, router, etc.) DMZ ARGUMENT: - You can perform a stateful inspection of the management interface through the back firewall. - If the box was compromised, the attacker would not have access to the internal interface. - Problem is that the management interface is more vunerable in the DMZ. I would like to hear your thoughts. thx. ##################################################################################### CONFIDENTIAL: This e-mail, including its contents and attachments, if any, are confidential. It is neither an offer to buy or sell, nor a solicitation of an offer to buy or sell, any securities or any related financial instruments mentioned in it. If you are not the named recipient please notify the sender and immediately delete it. You may not disseminate, distribute, or forward this e-mail message or disclose its contents to anybody else. Unless otherwise indicated, copyright and any other intellectual property rights in its contents are the sole property of Mizuho Securities USA Inc. E-mail transmission cannot be guaranteed to be secure or error-free. The sender therefore does not accept liability for any errors or omissions in the contents of this message which arise as a result of e-mail transmission. If verification is required please request a hard-copy version. Although we routinely screen for viruses, addressees should check this e-mail and any attachments for viruses. We make no representation or warranty as to the absence of viruses in this e-mail or any attachments. Please note that to ensure regulatory compliance and for the protection of our customers and business, we may monitor and read e-mails sent to and from our server(s). ##################################################################################### ----------------------------------------------------------- ALERT: Exploiting Web Applications- A Step-by-Step Attack Analysis Learn why 70% of today's successful hacks involve Web Application attacks such as: SQL Injection, XSS, Cookie Manipulation and Parameter Manipulation. http://www.spidynamics.com/mktg/webappsecurity71
Current thread:
- RE: IDS interface setup Miller, Joe (Apr 03)
- RE: IDS interface setup Paul Schmehl (Apr 03)