Re: [fw-wiz] finding security threats

From: Marcus J. Ranum (mjr@ranum.com)
Date: 12/30/02


To: Kilaru Sambaiah <sambaiah@antaares.com>, firewall-wizards@honor.icsalabs.com
From: "Marcus J. Ranum" <mjr@ranum.com>
Date: Mon Dec 30 08:09:04 2002

Kilaru Sambaiah wrote:
> All the firewalls and other tools are designed for securing
> systems from any threat. Is there any way to find that my local
> systems are breaking systems some where.

Most Intrusion Detection Systems that work on network traffic
don't make a distinction between "inside" and "outside" - they
look for attacks and intrusions going in any direction. Back in
the early days of the IDS business, we found a lot of our customers
were really surprised when the IDS we installed detected their
employees hacking other sites. I think employees are a tiny bit
more savvy about that, now...

mjr.

---
Marcus J. Ranum				http://www.ranum.com
Computer and Communications Security	mjr@ranum.com