Re: Gateway IDS
From: r00t@online.ieDate: 06/25/02
- Previous message: Hiemstra, Brenno: "RE: Gateway IDS"
- In reply to: Jochen Vogel: "Gateway IDS"
- Next in thread: Christopher Cantrell: "re[2]: Gateway IDS"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
From: <r00t@online.ie> Date: Tue, 25 Jun 2002 11:35:00 +0100 To: Jochen Vogel <jvogel@it-sec.de>
> since last year i search a working gateway IDS solution.
> i search a solution that work like a firewall but additionally
> can block packets after an correlation with IDS signatures.
> the solution to send RST packets or reconfigure a firewall
> is nice but not really about latency or spoofing packets.
Hi Jochen,
I have deployed many IDS solutions similar to your needs. I would need more
specific information in order to gurantee it's exactly what your looking for.
You my have already checked it out but:
ISS RealSecure works quite well with Checkpoint Firewall 1, there are
actionable options available per signature including the ability to send RST's
to attacker hosts.
This is possible via the Checkpoint Opsec connector, there are limitations with
this configuration which you should be aware of before deploying.
You will also need a TX/RX span port on the switch in order to acheive this, or
you could use taps.
Hopefully this helps, if you need more info mail me off-list.
Cheers
./Mark
>
> greets
> Jochen
>
>
- Previous message: Hiemstra, Brenno: "RE: Gateway IDS"
- In reply to: Jochen Vogel: "Gateway IDS"
- Next in thread: Christopher Cantrell: "re[2]: Gateway IDS"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
