Re: [fw-wiz] RE: IDS (was: FW appliance comparison)

On Tue, 24 Jan 2006, Patrick M. Hausen wrote:
> On Tue, Jan 24, 2006 at 11:38:52AM +0700, Ben Nagy wrote:
>
> > What's your preferred method for noticing this stuff? (I'm certainly not
> > being sarcastic here)
>
> Your firewall doesn't trigger an alarm for every event that's denied by policy?
>
> That's the main reason why I don't like IDSs. A default deny
> policy combined with "log everything" achieves just the same.

*blink* You don't bog down your firewall to the point of being unusable doing that?!?

I think that there's a place and a use for IDS - but if your network
is small enough that running "log everything" won't bog down your
firewall(s), then - well - maybe they're not for you.

"A cat spends her life conflicted between a deep, passionate and profound
desire for fish and an equally deep, passionate and profound desire to
avoid getting wet.  This is the defining metaphor of my life right now."
firewall-wizards mailing list
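One concrete form of "noticing this stuff" from a default-deny firewall's log, as an added example that is not part of the original thread: a small Python script that parses constructed iptables/syslog-style DENY lines (the sample data is invented here) and flags sources whose denied connections touched many distinct destination ports. The log format, field names and the threshold are assumptions, not anything from the list.

```python
import re
from collections import defaultdict

# Constructed sample DENY lines in iptables/syslog style (not real traffic).
SAMPLE_LOG = """\
Jan 24 11:38:01 fw kernel: DENY IN=eth0 SRC=203.0.113.7 DST=192.0.2.10 PROTO=TCP SPT=40001 DPT=22
Jan 24 11:38:01 fw kernel: DENY IN=eth0 SRC=203.0.113.7 DST=192.0.2.10 PROTO=TCP SPT=40002 DPT=23
Jan 24 11:38:02 fw kernel: DENY IN=eth0 SRC=203.0.113.7 DST=192.0.2.10 PROTO=TCP SPT=40003 DPT=25
Jan 24 11:38:02 fw kernel: DENY IN=eth0 SRC=203.0.113.7 DST=192.0.2.10 PROTO=TCP SPT=40004 DPT=80
Jan 24 11:38:03 fw kernel: DENY IN=eth0 SRC=203.0.113.7 DST=192.0.2.10 PROTO=TCP SPT=40005 DPT=443
Jan 24 11:38:03 fw kernel: DENY IN=eth0 SRC=203.0.113.7 DST=192.0.2.10 PROTO=TCP SPT=40006 DPT=3389
Jan 24 11:38:05 fw kernel: DENY IN=eth0 SRC=198.51.100.4 DST=192.0.2.10 PROTO=TCP SPT=51000 DPT=80
Jan 24 11:38:09 fw kernel: DENY IN=eth0 SRC=198.51.100.4 DST=192.0.2.10 PROTO=UDP SPT=51001 DPT=53
"""

# Assumed field layout: SRC, DST, PROTO and DPT in that order on each DENY line.
LINE_RE = re.compile(
    r"DENY .*?SRC=(?P<src>\S+) DST=(?P<dst>\S+) PROTO=(?P<proto>\S+) .*?DPT=(?P<dpt>\d+)"
)

def parse_denies(text):
    """Yield (src, dst, proto, dpt) for each DENY line; lines that don't match are skipped."""
    for line in text.splitlines():
        m = LINE_RE.search(line)
        if m:
            yield m["src"], m["dst"], m["proto"], int(m["dpt"])

def summarize(text):
    """Map each source IP to the set of (dst, proto, dpt) targets it was denied to."""
    seen = defaultdict(set)
    for src, dst, proto, dpt in parse_denies(text):
        seen[src].add((dst, proto, dpt))
    return seen

def flag_sweeps(text, min_ports=5):
    """Return sources whose denied traffic hit at least min_ports distinct (dst, port) pairs."""
    return sorted(
        src for src, hits in summarize(text).items()
        if len({(dst, dpt) for dst, _, dpt in hits}) >= min_ports
    )

if __name__ == "__main__":
    for src, hits in summarize(SAMPLE_LOG).items():
        print(f"{src}: {len(hits)} denied targets")
    print("sweep-like sources:", flag_sweeps(SAMPLE_LOG))
```

Run on a real syslog feed, the same grouping is what turns a wall of per-packet deny lines into a handful of per-source alerts; the threshold and time window are the knobs that decide how noisy it is.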