Snort mailing list archives
Re: Firewall vs IDS
From: "Simon Gray" <simong () desktop-guardian com>
Date: Tue, 29 Apr 2003 10:33:55 +0100
Possibly an IDS either side of your firewall, to compare. You can then check to see if the firewall is doing what its suppose to do. S ----- Original Message ----- From: "Brian M. Diehl" <bdiehl () a1limo com> To: "Always Bishan" <bishan4u () yahoo co uk> Cc: <snort-users () lists sourceforge net> Sent: Monday, April 28, 2003 6:00 PM Subject: RE: [Snort-users] Firewall vs IDS I don't have any whitepapers or such. A firewall will restrict access to selected ports and selected IP addresses to those ports. A IDS box looks at all the traffic coming across the wire and matches it to a sig base. Why would you want both? Well a perfect example is IIS (Web server - port 80) and things like CMD access attempts, code red, nimda etc. On your firewall you allow port 80 because you are running a web server. But what if someone was trying to hack your web server? If you have an IDS box right AFTER your firewall, you now have the chance to tell that someone was attempting to break into your web server. HTH, --Brian. ------------------------------------------------------- This sf.net email is sponsored by:ThinkGeek Welcome to geek heaven. http://thinkgeek.com/sf _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=ort-users ------------------------------------------------------- This sf.net email is sponsored by:ThinkGeek Welcome to geek heaven. http://thinkgeek.com/sf _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- Firewall vs IDS Always Bishan (Apr 28)
- <Possible follow-ups>
- Re: Firewall vs IDS Neil Dickey (Apr 28)
- RE: Firewall vs IDS Brian M. Diehl (Apr 28)
- Re: Firewall vs IDS Simon Gray (Apr 29)