Re: Newbie IDS questions
From: Andrew Plato (aplato@anitian.com)Date: 01/11/02
- Previous message: Brian Wiese: "Fw: Re: Newbie IDS questions"
- Maybe in reply to: Mike Hrubes: "Newbie IDS questions"
- Next in thread: Nobuo Suketomo: "Re: Newbie IDS questions"
- Next in thread: Steve A. Tindle III: "Re: Newbie IDS questions"
- Next in thread: Brian Wiese: "Fw: Re: Newbie IDS questions"
- Maybe reply: Brian Wiese: "Fw: Re: Newbie IDS questions"
- Reply: Nobuo Suketomo: "Re: Newbie IDS questions"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: 11 Jan 2002 02:38:11 -0000 From: Andrew Plato <aplato@anitian.com> To: focus-ids@securityfocus.com('binary' encoding is not supported, stored as-is)
In-Reply-To: <9DCB77D01366AA4497DAFA759E1EB580BFAC33@WW1WEX01>
>The idea that has been proposed is to put the IDS in
> the path between connections,
> rather than connected in promiscuous mode.
BlackICE Guard does exactly this. Its the BlackICE
IDS on a dual interface system. Traffic enters one
interface, gets IDS'ed, and if an intrusion is seen,
blocked. "Safe" traffic exits the other interface. See:
http://www.networkice.com/products/blackice_guard.
html
We sell these as appliances and have quite a few in
the feild protecting AIX and UNIX boxes. With the right
tweaking, they are very powerful.
But they are not a replacement for a firewall. You
should still have a good firewall.
Andrew Plato
President / Principal Consultant
Anitian Corporation
www.anitian.com
- Previous message: Brian Wiese: "Fw: Re: Newbie IDS questions"
- Maybe in reply to: Mike Hrubes: "Newbie IDS questions"
- Next in thread: Nobuo Suketomo: "Re: Newbie IDS questions"
- Next in thread: Steve A. Tindle III: "Re: Newbie IDS questions"
- Next in thread: Brian Wiese: "Fw: Re: Newbie IDS questions"
- Maybe reply: Brian Wiese: "Fw: Re: Newbie IDS questions"
- Reply: Nobuo Suketomo: "Re: Newbie IDS questions"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
