Re: [fw-wiz] RE: IDS (was: FW appliance comparison)



On Tue, 24 Jan 2006, Marcus J. Ranum wrote:
Cat Okita wrote:
> > ... but I'm not thinking of a 'little' bit of logging.  I'm thinking of
> > "look at everything that could -possibly- be of interest".

> Isn't that what a "firewall" does?? I mean how could you call the thing a "firewall" if it did less than that? That'd be pretty lame, wouldn't it?

Heh. You're right - I should have said "record everything that could possibly be of interest" (which is not what I want my firewall to do - I'd like it to record things I'm sure I care about)

At any rate, I think of my IDS and my firewall as fulfilling different
albeit complementary functions.  I want the IDS to be an overly sensitive
touchy-feely creature, while my firewall is in staunch denial, and
allows only the barest minimum through to its delicate innards[0] - and
this translates to the amount of logging and capture I expect out of
each.

From my IDS, the proverbial volumes of handwritten poorly spelled prose
and poetry decorated with florid petunias, and from my firewall the single typewritten ***.

cheers!
[0] I suppose that the degree to which one might use 'delicate innards'
would vary according to the type of firewall - an application proxy
like Gauntlet might need to be considered a ruminant...
==========================================================================
"A cat spends her life conflicted between a deep, passionate and profound
desire for fish and an equally deep, passionate and profound desire to
avoid getting wet.  This is the defining metaphor of my life right now."
_______________________________________________
firewall-wizards mailing list
firewall-wizards@xxxxxxxxxxxxxxxxxx
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards