RE: Protecting your router.

From: Kevin Rogers (krogers@usmfg.com)
Date: 07/24/02


Date: Wed, 24 Jul 2002 07:57:15 -0400
From: "Kevin Rogers" <krogers@usmfg.com>
To: <focus-ids@securityfocus.com>

I have to agree with Shripal, one of the concepts of IDS is to detect
intrusions before they get past the firewall. True, the logs see a lot
of action, but I'd rather have any kind of 'pattern' brought to my
attention as soon as possible...especially since I don't have a person
or team dedicated to security.

Yeah, I can tighten up my routers, but in today's environment when I
have 20-30 customers wanting me to open a 'special port' for 'encrypted
communications' just for them...well, it becomes more difficult to run
tight security on the routers. I currently don't have an IDS sensor
before the router, but the more ports I have to keep open the more I'm
thinking about it.

Jason's config would work well, in my opinion (which I never admit
amounts to much), if you have routers for specific functions. A smaller
company with just one router used only for Inet access, then we can
tighten it up real good and probably not worry about an IDS sensor
before the firewall. ISDN direct-connect or frame-relay routers, the
same thing...a specific single-use device, tighten it up and you're
probably good to go.

Kevin M. Rogers
Network Administrator
U.S. Manufacturing Corporation

-----Original Message-----
From: Shripal Meghani [mailto:meghani@nsecure.net]
Sent: Wednesday, July 24, 2002 12:38 AM
To: Chris; focus-ids@securityfocus.com
Subject: RE: Protecting your router.

[shrip] The configuration you have shown seems to be OK, but here's
what I have to say:

Usually, it is preferable to have an IDS sensor "before" a firewall too.
This helps one to detect any attacks being made on the perimeter and can
help to serve as an early warning.

As for installing an IDS Sensor before a router... feedback from the
group would be a big help.

| -----Original Message-----
| From: Chris [mailto:brahma@mendolink.com]
| Sent: Tuesday, July 23, 2002 8:11 AM
| To: focus-ids@securityfocus.com
| Subject: Protecting your router.
|
|
| I was just curious on how others with IDS setup on their network
| protect their routers. My setup is similar to this:
|
| T1 > Router > Firewall Appliance > IDS Appliance.
|
| Not quite sure on any products (haven't seen any) that will take a
| line right off the CSU/DSU and perform pass-through with it and still
| filter the traffic. If I am being too vague just ask what I mean!
| Thanks in advance.
|
|
| Thank You,
|
| Chris D.
| Network Security
| Mendo Link, LLC
|
| "An Ounce Of Prevention Is Worth A Pound Of Cure."
| Om Namo Narayanaya
|
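The early-warning idea in the thread (Kevin wants any "pattern" in the router's logs brought to his attention even without a sensor in front of the router, and worries about the per-customer "special ports" he has to open) can be approximated from the border router's own ACL logs. The script below is an added example, not code from any poster on the list: it parses Cisco IOS `%SEC-6-IPACCESSLOGP` lines, flags sources sweeping many destination ports, and flags traffic to a customer-specific port from any address other than that customer's, including permitted traffic, which would mean the ACL exception is looser than intended. The log lines, the ACL name `OUTSIDE-IN`, the `CUSTOMER_PORTS` table and all addresses are constructed assumptions for the example.

```python
"""
Flag simple attack patterns in a border router's ACL 'deny ... log' output.

Added example, not from the focus-ids thread. Assumes the router logs
matches on its inbound ACL in the IOS %SEC-6-IPACCESSLOGP format; the
sample lines below are constructed (syslog timestamps already stripped).
"""
import re
from collections import defaultdict

# Constructed sample log. Includes a TCP port sweep from 203.0.113.7,
# a NetBIOS poke from 192.0.2.9, probes at customer-only ports, and one
# ICMP line in the different %SEC-6-IPACCESSLOGDP format (ignored here).
SAMPLE_LOG = """\
%SEC-6-IPACCESSLOGP: list OUTSIDE-IN denied tcp 203.0.113.7(40211) -> 198.51.100.5(21), 1 packet
%SEC-6-IPACCESSLOGP: list OUTSIDE-IN denied tcp 203.0.113.7(40212) -> 198.51.100.5(22), 1 packet
%SEC-6-IPACCESSLOGP: list OUTSIDE-IN denied tcp 203.0.113.7(40213) -> 198.51.100.5(23), 1 packet
%SEC-6-IPACCESSLOGP: list OUTSIDE-IN denied tcp 203.0.113.7(40214) -> 198.51.100.5(25), 1 packet
%SEC-6-IPACCESSLOGP: list OUTSIDE-IN denied tcp 203.0.113.7(40215) -> 198.51.100.5(80), 1 packet
%SEC-6-IPACCESSLOGP: list OUTSIDE-IN denied tcp 203.0.113.7(40216) -> 198.51.100.5(443), 1 packet
%SEC-6-IPACCESSLOGP: list OUTSIDE-IN denied udp 192.0.2.9(53) -> 198.51.100.5(137), 2 packets
%SEC-6-IPACCESSLOGP: list OUTSIDE-IN denied tcp 192.0.2.9(2002) -> 198.51.100.5(139), 1 packet
%SEC-6-IPACCESSLOGP: list OUTSIDE-IN denied tcp 192.0.2.200(1034) -> 198.51.100.5(1433), 3 packets
%SEC-6-IPACCESSLOGP: list OUTSIDE-IN permitted tcp 203.0.113.20(3456) -> 198.51.100.5(8443), 1 packet
%SEC-6-IPACCESSLOGP: list OUTSIDE-IN permitted tcp 192.0.2.50(5555) -> 198.51.100.5(8443), 1 packet
%SEC-6-IPACCESSLOGDP: list OUTSIDE-IN denied icmp 192.0.2.9 -> 198.51.100.5 (8/0), 1 packet
"""

# Hypothetical per-customer "special port" exceptions: destination port ->
# the only source addresses that customer should be coming from.
CUSTOMER_PORTS = {
    8443: {"203.0.113.20"},   # customer A, "encrypted communications"
    1433: {"203.0.113.30"},   # customer B, SQL Server replication
}

LOG_RE = re.compile(
    r"list (?P<acl>\S+) (?P<action>denied|permitted) (?P<proto>\w+) "
    r"(?P<src>\d+\.\d+\.\d+\.\d+)\((?P<sport>\d+)\) -> "
    r"(?P<dst>\d+\.\d+\.\d+\.\d+)\((?P<dport>\d+)\), (?P<pkts>\d+) packets?"
)


def parse_line(line):
    """Return a dict for one TCP/UDP ACL log line, or None if it doesn't match."""
    m = LOG_RE.search(line)
    if not m:
        return None
    rec = m.groupdict()
    for key in ("sport", "dport", "pkts"):
        rec[key] = int(rec[key])
    return rec


def parse_log(text):
    """Parse every matching line; non-matching lines (e.g. ICMP) are dropped."""
    return [r for r in (parse_line(ln) for ln in text.splitlines()) if r]


def port_sweeps(records, min_ports=5):
    """Sources that were denied to at least min_ports distinct destination ports."""
    ports = defaultdict(set)
    for r in records:
        if r["action"] == "denied":
            ports[r["src"]].add(r["dport"])
    return {src: sorted(p) for src, p in ports.items() if len(p) >= min_ports}


def special_port_probes(records, customer_ports=CUSTOMER_PORTS):
    """Traffic to a customer-only port from an address that isn't that customer.

    A 'denied' hit means someone found the port; a 'permitted' hit means the
    ACL exception is wider than the customer's own address and must be fixed.
    """
    hits = []
    for r in records:
        allowed = customer_ports.get(r["dport"])
        if allowed is not None and r["src"] not in allowed:
            hits.append((r["src"], r["dport"], r["action"]))
    return hits


def report(text):
    """Human-readable alert lines for the log text."""
    records = parse_log(text)
    lines = []
    for src, ports in port_sweeps(records).items():
        lines.append(f"port sweep from {src}: {len(ports)} ports {ports}")
    for src, dport, action in special_port_probes(records):
        sev = "ACL TOO LOOSE" if action == "permitted" else "probe"
        lines.append(f"{sev}: {src} -> customer-only port {dport} ({action})")
    return lines


if __name__ == "__main__":
    for alert in report(SAMPLE_LOG):
        print(alert)
```

In practice the router would ship these via syslog to the host running this script; the thresholds and the `CUSTOMER_PORTS` table are the parts to tune as the list of customer exceptions grows, and the "permitted from the wrong source" check is the one that catches the ACL drifting open over time.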


