Re: Firewall vs IDS

["Simon Gray" <simong () desktop-guardian com>]

Possibly an IDS either side of your firewall, to compare. You can then check
to see if the firewall is doing what its suppose to do.

S
----- Original Message ----- 
From: "Brian M. Diehl" <bdiehl () a1limo com>
To: "Always Bishan" <bishan4u () yahoo co uk>
Cc: <snort-users () lists sourceforge net>
Sent: Monday, April 28, 2003 6:00 PM
Subject: RE: [Snort-users] Firewall vs IDS


I don't have any whitepapers or such.  A firewall will restrict access
to selected ports and selected IP addresses to those ports.  A IDS box
looks at all the traffic coming across the wire and matches it to a sig
base.  Why would you want both?  Well a perfect example is IIS (Web
server - port 80) and things like CMD access attempts, code red, nimda
etc.  On your firewall you allow port 80 because you are running a web
server.  But what if someone was trying to hack your web server? If you
have an IDS box right AFTER your firewall, you now have the chance to
tell that someone was attempting to break into your web server.

HTH,

--Brian.


-------------------------------------------------------
This sf.net email is sponsored by:ThinkGeek
Welcome to geek heaven.
http://thinkgeek.com/sf
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=ort-users



-------------------------------------------------------
This sf.net email is sponsored by:ThinkGeek
Welcome to geek heaven.
http://thinkgeek.com/sf
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users