RE: IPSec and IDS

From: Muhammad Faisal Rauf Danka (mfrd@attitudex.com)
Date: 08/13/02


Date: Mon, 12 Aug 2002 16:50:46 -0700 (PDT)
From: Muhammad Faisal Rauf Danka <mfrd@attitudex.com>
To: focus-ids@lists.securityfocus.com

It depends on whether the IDS is HIDS or NIDS,
since Tripwire and AIDE won't have any problems with IPSec.

Mostly IPSec is implemented gateway to gateway, so placing your NIDS on
a gateway (e.g. a NAT + proxy gateway after the router (gateway)) through
which unencrypted traffic passes is an option.

Or you could just ignore the signatures, and rely on the source and destination addresses and ports of packets for intrusion/scanning patterns.

Besides, why let untrusted people communicate through your VPN?

Regards,
---------
Muhammad Faisal Rauf Danka

Head of GemSEC / Chief Technology Officer
Gem Internet Services (Pvt) Ltd.
web: www.gem.net.pk
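
The header-only approach mentioned in the message (source and destination addresses and ports instead of payload signatures), as an added example that is not part of the original post. It assumes the sensor can still read those fields; the flow tuple layout, the thresholds and the sample addresses are constructed for illustration.

```python
from collections import defaultdict

# Constructed sample flow records: (timestamp_s, src_ip, dst_ip, dst_port).
# Only header fields are used; payloads are assumed unreadable (encrypted).
FLOWS = (
    [(i * 0.2, "192.0.2.10", "198.51.100.5", 20 + i) for i in range(30)]      # port scan
    + [(40 + i, "192.0.2.77", f"198.51.100.{i + 1}", 22) for i in range(15)]  # host sweep
    + [(i * 5.0, "192.0.2.50", "198.51.100.9", 443) for i in range(20)]       # normal client
)

def detect_scans(flows, window=60.0, port_threshold=20, host_threshold=10):
    """Return sorted (kind, src, target) alerts from header fields only.

    port_scan:  one src reaches >= port_threshold distinct ports on one dst
    host_sweep: one src reaches >= host_threshold distinct dsts on one port
    Both are counted inside a sliding `window` (seconds). Thresholds are assumed.
    """
    by_pair = defaultdict(list)   # (src, dst)  -> [(ts, port)]
    by_port = defaultdict(list)   # (src, port) -> [(ts, dst)]
    for ts, src, dst, port in flows:
        by_pair[(src, dst)].append((ts, port))
        by_port[(src, port)].append((ts, dst))

    def exceeds(events, threshold):
        # Slide a time window over the events and count distinct values in it.
        events.sort()
        start, counts = 0, defaultdict(int)
        for ts, value in events:
            counts[value] += 1
            while ts - events[start][0] > window:
                old = events[start][1]
                counts[old] -= 1
                if counts[old] == 0:
                    del counts[old]
                start += 1
            if len(counts) >= threshold:
                return True
        return False

    alerts = set()
    for (src, dst), events in by_pair.items():
        if exceeds(events, port_threshold):
            alerts.add(("port_scan", src, dst))
    for (src, port), events in by_port.items():
        if exceeds(events, host_threshold):
            alerts.add(("host_sweep", src, str(port)))
    return sorted(alerts)
```

A scan spread out so that fewer than the threshold of distinct ports fall inside one window produces no alert, so the window and thresholds have to be tuned to the traffic being watched.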
