RE: IPSec and IDS
From: Muhammad Faisal Rauf Danka (mfrd@attitudex.com)
Date: 08/13/02
- Previous message: Andrew Plato: "Re: host-based ids evaluation"
- Maybe in reply to: Bryan Morris: "IPSec and IDS"
- Next in thread: Shripal Meghani: "RE: IPSec and IDS"
- Reply: Shripal Meghani: "RE: IPSec and IDS"
Date: Mon, 12 Aug 2002 16:50:46 -0700 (PDT)
From: Muhammad Faisal Rauf Danka <mfrd@attitudex.com>
To: focus-ids@lists.securityfocus.com
It depends on whether the IDS is HIDS or NIDS,
since Tripwire and AIDE won't have any problems with IPSec.
Mostly IPSec is implemented gateway to gateway, so placing your NIDS on
a gateway (e.g. a NAT + proxy gateway after the router (gateway)) through
which unencrypted traffic passes is an option.
Or you could just ignore the signatures, and rely on the source and destination addresses and ports of packets for intrusion/scanning patterns.
Besides, why let untrusted people communicate through your VPN?
Regards,
---------
Muhammad Faisal Rauf Danka
Head of GemSEC / Chief Technology Officer
Gem Internet Services (Pvt) Ltd.
web: www.gem.net.pk
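
The header-only approach mentioned in the message above (source and destination addresses and ports instead of payload signatures), as an added example that is not part of the original post: a sliding-window counter over constructed flow records. It assumes the sensor sits where addresses and ports are readable; the function names, the thresholds and the sample flows are illustrative assumptions.

```python
from collections import Counter, defaultdict

# Constructed sample flows: (timestamp_s, src_ip, dst_ip, dst_port).
FLOWS = (
    [(t, "198.51.100.5", "192.0.2.10", 20 + t) for t in range(15)]            # many ports, one host
    + [(100 + i, "198.51.100.7", f"192.0.2.{i + 1}", 22) for i in range(12)]  # one port, many hosts
    + [(i * 120, "198.51.100.9", "192.0.2.10", 8000 + i) for i in range(12)]  # widely spaced connections
)

def _max_distinct(events, window):
    """Largest count of distinct keys in any `window`-second span of time-sorted (ts, key) events."""
    counts, best, left = Counter(), 0, 0
    for ts, key in events:
        counts[key] += 1
        while events[left][0] < ts - window:   # expire events older than the window
            old = events[left][1]
            counts[old] -= 1
            if counts[old] == 0:
                del counts[old]
            left += 1
        best = max(best, len(counts))
    return best

def detect_scans(flows, window=60, threshold=10):
    """Flag sources from header fields only (no payload inspection).
    port-scan:  one source reaching >= threshold ports on one host within the window.
    host-sweep: one source reaching >= threshold hosts on one port within the window."""
    by_target, by_port = defaultdict(list), defaultdict(list)
    for ts, src, dst, dport in sorted(flows):
        by_target[(src, dst)].append((ts, dport))
        by_port[(src, dport)].append((ts, dst))
    alerts = []
    for kind, groups in (("port-scan", by_target), ("host-sweep", by_port)):
        for (src, what), events in groups.items():
            n = _max_distinct(events, window)
            if n >= threshold:
                alerts.append((kind, src, what, n))
    return sorted(alerts)

if __name__ == "__main__":
    for alert in detect_scans(FLOWS):
        print(alert)
```
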