re[2]: Gateway IDS
From: Christopher Cantrell (cantrell@onesecure.com)
Date: 06/26/02
- Previous message: Gary Halleen: "RE: Concerns with NFR" and "Trons 7.0 (was Re: RealSecure IDS 6.5)""
- Maybe in reply to: Jochen Vogel: "Gateway IDS"
- Next in thread: Rob McMillen: "RE: Gateway IDS"
Date: Wed, 26 Jun 2002 11:24:43 -0600
From: Christopher Cantrell <cantrell@onesecure.com>
To: <r00t@online.ie>, Jochen Vogel <jvogel@it-sec.de>
Hi,
Just a note to add:
>> You may have already checked it out but:
>> ISS RealSecure works quite well with Checkpoint Firewall 1, there are
>> actionable options available per signature including the ability to send
>> RST's
>> to attacker hosts.
Most IDS products can integrate with other devices (i.e. CheckPoint OPSEC), but IP blocking can be a very risky "reaction". A better approach is to look at a product which can maintain state on all sessions (not just TCP) and be able to "drop" those sessions which offend a security policy. By maintaining state, you achieve a lot of benefits including the ability to only "drop" the session which has an attack and not any other sessions, even if they are all coming from a single NAT'ed IP address.
Best regards,
-chris
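
The contrast drawn in the message above, as an added illustration that is not part of the original post or of any product it mentions: a reaction keyed on source IP versus one keyed on per-session state, applied to several clients behind one NAT address. The class names, addresses and ports are constructed for this example.

```python
from collections import namedtuple

# A session is identified by its full 5-tuple, not just the source address.
Flow = namedtuple("Flow", "proto src sport dst dport")

class IpBlocker:
    """Reaction 1: block everything from the offending source IP."""
    def __init__(self):
        self.blocked = set()
    def track(self, flow):
        pass                        # keeps no per-session state
    def offend(self, flow):
        self.blocked.add(flow.src)
    def allows(self, flow):
        return flow.src not in self.blocked

class SessionDropper:
    """Reaction 2: keep state per session and drop only the offending one."""
    def __init__(self):
        self.sessions = {}          # Flow -> "ok" | "dropped"
    def track(self, flow):
        self.sessions.setdefault(flow, "ok")
    def offend(self, flow):
        self.sessions[flow] = "dropped"
    def allows(self, flow):
        return self.sessions.get(flow, "ok") != "dropped"

def collateral(reactor, flows, bad):
    """Return the benign flows that the reaction cuts off."""
    for f in flows:
        reactor.track(f)
    reactor.offend(bad)
    return [f for f in flows if f != bad and not reactor.allows(f)]

# Constructed sample: three clients behind one NAT address, distinguishable
# only by source port; one UDP session to show state on non-TCP traffic.
NAT = "203.0.113.10"
FLOWS = [
    Flow("tcp", NAT, 40001, "192.0.2.80", 80),   # benign web user
    Flow("tcp", NAT, 40002, "192.0.2.80", 80),   # session carrying the attack
    Flow("udp", NAT, 40003, "192.0.2.53", 53),   # benign DNS lookup
]
BAD = FLOWS[1]

if __name__ == "__main__":
    print("IP block collateral:    ", collateral(IpBlocker(), FLOWS, BAD))
    print("Session drop collateral:", collateral(SessionDropper(), FLOWS, BAD))
```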