Re: [fw-wiz] How should an Internet connection/firewall be designed?

Dave Piscitello wrote:
Kaas, David D wrote:

How many companies have an IPS/deep-packet-inspection device between the
firewall and the border router?

I honestly don't see a lot of this and unless there's a specific DOS
prevention issue, I don't see a lot of point in policing traffic that I
expect my firewall to block.

Back when I still did security for a living, I was a supporter of having
an IDS device between your border router and your external firewall.
However it was not for the reasons most folks might think. I wanted the
external IDS in logging-only (no alarms) mode, purely for forensic and
legal purposes. When we saw something funky on our internal/DMZ nets, we
could look at the external logs to see if it was part of an attack pattern.

Of course there is a cost/benefit analysis that has to be done to
determine if the data mining is worth the cost of the device.

I agree that anyone who has alarms enabled from an outside-the-firewall
IDS probably ought to go see a professional about their paranoia issues...
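The forensic use described above (an inside alert prompting a look at what the outside, logging-only sensor recorded from the same source) comes down to a time-windowed join on source address. The script below is an added illustration, not code from the poster or from firewall-wizards; the key=value record format, the sensor names and all addresses are constructed for the example and match no particular IDS product.

```python
"""
Correlate an alert from a sensor inside the firewall (DMZ) with the
logging-only IDS sitting between the border router and the external
firewall, to answer "was this part of a wider attack pattern?".

The record format and every sample line below are constructed for this
example; they are not the output of any particular IDS product.
"""
from collections import Counter
from datetime import datetime, timedelta

# Constructed records from the outside, logging-only sensor.
EXTERNAL_LOG = """\
2024-03-01T09:58:12Z sensor=ext src=203.0.113.5 dst=198.51.100.10 dport=22 sig=ssh-scan
2024-03-01T09:58:13Z sensor=ext src=203.0.113.5 dst=198.51.100.10 dport=23 sig=telnet-scan
2024-03-01T09:58:14Z sensor=ext src=203.0.113.5 dst=198.51.100.10 dport=445 sig=smb-probe
2024-03-01T09:58:15Z sensor=ext src=203.0.113.5 dst=198.51.100.10 dport=443 sig=tls-client-hello
2024-03-01T10:01:40Z sensor=ext src=192.0.2.77 dst=198.51.100.10 dport=443 sig=tls-client-hello
2024-03-01T06:00:00Z sensor=ext src=203.0.113.5 dst=198.51.100.10 dport=443 sig=tls-client-hello
"""

# Constructed alert raised by a sensor on the DMZ, i.e. after the firewall.
DMZ_ALERT = ("2024-03-01T10:02:30Z sensor=dmz src=203.0.113.5 "
             "dst=10.0.1.20 dport=443 sig=web-auth-bruteforce")


def parse_event(line):
    """Parse one 'timestamp key=value ...' record into a dict; 'ts' is a datetime."""
    ts, _, rest = line.strip().partition(" ")
    event = {"ts": datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ")}
    for field in rest.split():
        key, _, value = field.partition("=")
        event[key] = value
    return event


def correlate(alert_line, external_log, window_minutes=15):
    """External events from the alert's source IP in the window before the alert."""
    alert = parse_event(alert_line)
    start = alert["ts"] - timedelta(minutes=window_minutes)
    matches = []
    for line in external_log.splitlines():
        if not line.strip():
            continue
        ev = parse_event(line)
        # Same source, and seen at the border no later than the inside alert.
        if ev["src"] == alert["src"] and start <= ev["ts"] <= alert["ts"]:
            matches.append(ev)
    return sorted(matches, key=lambda e: e["ts"])


def summarize(matches):
    """What the border sensor saw from that source: event count, ports touched, signatures."""
    ports = sorted({int(e["dport"]) for e in matches})
    sigs = Counter(e["sig"] for e in matches)
    return {"events": len(matches), "ports": ports, "signatures": dict(sigs)}


if __name__ == "__main__":
    # The brute-force alert on the DMZ was preceded, minutes earlier, by a
    # multi-port sweep from the same source at the border: one incident, not noise.
    print(summarize(correlate(DMZ_ALERT, EXTERNAL_LOG)))
```

Because the outside sensor only logs, nothing here pages anyone; the value is that the four border records from 203.0.113.5 turn a single DMZ alert into a documented sequence (sweep, then brute force) with timestamps from two independent vantage points, which is what the forensic and legal use case needs.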

firewall-wizards mailing list
