Re: best ids placement?
From: Joshua Krage (jkrage_at_guisarme.net)
Date: 08/20/03
- Previous message: benjurry: "Optimize NFR.Part 1-MSSQL Hello Buffer Overflow"
- In reply to: Rob Shein: "RE: best ids placement?"
Date: Tue, 19 Aug 2003 22:49:05 -0400
To: focus-ids@securityfocus.com
On Mon, Aug 18, 2003 at 02:50:20PM -0400, Rob Shein wrote:
> But realistically speaking, an IDS is going to typically have
> connectivity via another route; otherwise how can you do IP block
> lookups, googling, etc. to determine more about attacks? Furthermore,
> besides rooting, what if the attacker merely wanted
Use a layered security model? Don't let your sniffer (which is processing
unknown inputs) have access to the big bad world, and have a second box?
Use a proxy or agent structure to eliminate direct access?
But otherwise completely agree with your point. I don't like leaving my
sniffers, with full access to network data, somewhere where they can be
accessed from outside arm's reach.