Re: Newbie IDS questions
From: Jason Dixon (jwdixon1@yahoo.com)
Date: 01/16/02
- Previous message: Higgins, Chris AG:EX: "RE: IDS bakeoff - help!"
- In reply to: by way of L. Taylor Banks: "Re: Newbie IDS questions"
- Next in thread: dr.kaos: "Re: Newbie IDS questions"
- Next in thread: Brian Wiese: "Fw: Re: Newbie IDS questions"
- Maybe reply: Brian Wiese: "Fw: Re: Newbie IDS questions"
- Reply: dr.kaos: "Re: Newbie IDS questions"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Wed, 16 Jan 2002 17:48:52 -0500
To: dr.kaos <dr.kaos@kaos.to> (by way of L. Taylor Banks <taylor@secretagenda.org>), "Steve A. Tindle III" <leonexis@nuleo.org>, <MHrubes@wizmo.com>
From: Jason Dixon <jwdixon1@yahoo.com>
>1> Unless you shell out bucks for the "professional" (commercial) version of
>the firewall, you are limited to one external IP and port forwarding via that
>IP. This severely limits one's ability to maintain multiple servers providing
>the same service without putting standard services on non-standard ports
>(i.e. having to tell people to go to http://someurl.com:86/)
Yes, but you don't have to do that either. You could always use a free
redirector service like that found at http://mydomain.com. They can point
your hostname to any non-standard url/port combination.
>2> Again, unless you buy the commercial version you are not able to
>administer policy for outbound traffic via the admin GUI, which should be a
>concern for any administrator, regardless of trust in internal users (should
>an attacker compromise an internal host, policies need to be in place to
>prevent outbound attacks from your own network).
Reverse proxy?
>3> Although Snort is implemented on the GPL version, there are no
>administrative facilities to add/modify/remove existing rules, nor are there
>tools for customization of IDS policy (i.e. to prevent false positive port
>scans from upstream DNS servers you have to manually modify the Snort config
>files, which defeats the point of having a GUI-administered facility in the
>first place).
Again, I see no problem in implementing this internally, as long as your
network can support it.
>4> Smoothwall does not allow blocking traffic based on matches against Snort
>rules. Thus, the box will not use signature matching to eliminate malicious
>packets, as I think Mike intends to do.
Agreed, no arguments there (yet).
>5> See the following URL for a recent security review of the product and
>independent user feedback on the attitudes of the development team:
>
>http://slashdot.org/article.pl?sid=02/01/09/2050237&mode=thread
I'm not at all promoting the SmoothWall product. They have (IMHO) taken a
promising product and limited its usefulness through the licensing you've
touched on. There are quite a few other projects that offer the same
functionality as theirs, albeit with a bit more administrative
know-how. Still, I'm disappointed that you'd dig up the muck just to
further your points. If that was the determining factor in a product's
usefulness, would you still use OpenBSD, given Theo's history?
Anyhoo, you've made some good points. However, as you can see, there are
yet further choices available to work around these shortcomings.
-Jason