Re: [fw-wiz] FW appliance comparison - Seeking input for the forum

On Thu, 19 Jan 2006, Devdas Bhagat wrote:

> > > IDS on the same machine as a firewall? It's not going to work. It will
> > > not have enough signatures to give you the sort of security you need.
> > >
> > [What the heck, no interesting debate in a while...]
> >
> > I think there's a bigger question "why would you want an IDS?" AFAICT,
> > IDS's are only good for (a) stopping stuff your firewall rules should
> > already stop or (b) stopping known-bad stuff you have to let in that
> > almost always have patches or work-arounds and (c) if you're regulated
> > into them (i.e. HIPAA.)
>
> An IDS is _not_ an IPS. An IDS monitors your system/network for failures
> of security systems. It does not interfere with traffic.
>
> An IDS helps in quantifying threats as well. "We got $n low threat port
> scans, $v viruses incoming, $s spam..."

s/stopping/detecting and then allowing you to stop out of band/

> An IPS, OTOH, is a proxy with default allow. All your criticisms apply
> there.

Same pipe, different rocks. ;)

Paul
-----------------------------------------------------------------------------
Paul D. Robertson "My statements in this message are personal opinions
paul@xxxxxxxxxxxx which may have no basis whatsoever in fact."
http://fora.compuwar.net Infosec discussion boards

_______________________________________________
firewall-wizards mailing list
firewall-wizards@xxxxxxxxxxxxxxxxxx
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
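To make the IDS-versus-IPS distinction in the thread concrete, here is an added example (not code from the list or from any poster): a passive monitor that never touches traffic, but does the two things the reply credits an IDS with, flagging flows a firewall should already have stopped (a failure of another control) and counting low-threat port scans. The flow records, the "expected blocked" port list and the scan threshold are constructed assumptions.

```python
"""Passive IDS-style monitor (added example; flow log and policy are constructed)."""
from collections import defaultdict

# Constructed sample of connections observed on the inside of the firewall,
# one "src dst dport" triple per line, as a flow collector might record them.
SAMPLE_FLOWS = """\
203.0.113.5 10.0.0.10 22
203.0.113.5 10.0.0.10 23
203.0.113.5 10.0.0.10 25
203.0.113.5 10.0.0.10 80
203.0.113.5 10.0.0.10 443
198.51.100.7 10.0.0.20 445
192.0.2.9 10.0.0.10 80
"""

# Hypothetical policy: ports the perimeter firewall is supposed to block from
# outside. Seeing such a flow inside means the firewall rule failed; the IDS
# only reports it, it does not drop anything (that would be an IPS).
EXPECTED_BLOCKED_PORTS = {23, 445}

SCAN_THRESHOLD = 4  # distinct ports from one source before we call it a scan


def parse_flows(text):
    """Parse the flow log into (src, dst, dport) tuples, skipping blank lines."""
    flows = []
    for line in text.splitlines():
        if not line.strip():
            continue
        src, dst, dport = line.split()
        flows.append((src, dst, int(dport)))
    return flows


def firewall_failures(flows, blocked_ports=EXPECTED_BLOCKED_PORTS):
    """Flows the firewall should already have stopped but which got through."""
    return [f for f in flows if f[2] in blocked_ports]


def port_scans(flows, threshold=SCAN_THRESHOLD):
    """Sources that touched at least `threshold` distinct ports -> port count."""
    ports_by_src = defaultdict(set)
    for src, _dst, dport in flows:
        ports_by_src[src].add(dport)
    return {src: len(p) for src, p in ports_by_src.items() if len(p) >= threshold}


def threat_summary(text=SAMPLE_FLOWS):
    """The '$n port scans, ...' style tally the reply describes, as a dict."""
    flows = parse_flows(text)
    return {"firewall_failures": len(firewall_failures(flows)),
            "port_scans": len(port_scans(flows))}


if __name__ == "__main__":
    print(threat_summary())  # {'firewall_failures': 2, 'port_scans': 1}
```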
