IDS mailing list archives
Re: best ids placement?
From: Joshua Krage <jkrage () guisarme net>
Date: Tue, 19 Aug 2003 22:49:05 -0400
On Mon, Aug 18, 2003 at 02:50:20PM -0400, Rob Shein wrote:
But realistically speaking, an IDS is going to typically have connectivity via another route; otherwise how can you do IP block lookups, googling, etc. to determine more about attacks? Furthermore, besides rooting, what if the attacker merely wanted
Use a layered security model? Don't let your sniffer (which is processing unknown inputs) have access to the big bad world, and have a second box? Use a proxy or agent structure to eliminate direct access? But otherwise completely agree with your point. I don't like leaving my sniffers, with full access to network data, somewhere where they can be accessed from outside arm's reach. --------------------------------------------------------------------------- Attend Black Hat Briefings & Training Federal, September 29-30 (Training), October 1-2 (Briefings) in Tysons Corner, VA; the worldÂs premier technical IT security event. Modeled after the famous Black Hat event in Las Vegas! 6 tracks, 12 training sessions, top speakers and sponsors. Symanetc is the Diamond sponsor. Early-bird registration ends September 6 Visit: www.blackhat.com ---------------------------------------------------------------------------
Current thread:
- Re: best ids placement? Simon Adlem (Aug 14)
- RE: best ids placement? Rob Shein (Aug 19)
- Re: best ids placement? Simon Adlem (Aug 21)
- Re: best ids placement? Joshua Krage (Aug 21)
- RE: best ids placement? Rob Shein (Aug 19)