Re: IDS deployment outside FW?

templeofprs_at_hotmail.com
Date: 08/09/04

    Date: 9 Aug 2004 21:50:01 -0000
    To: focus-ids@securityfocus.com
    
    
    In-Reply-To: <BAY19-F385a0q6AGvN4000177b6@hotmail.com>

    Having your IDS on the outside of your firewalls does not tell you what is getting through your firewalls. It does not help you from an IDS perspective... just assume that everything is going to hit the outside of your firewall (every random sweep or port scan). If your firewalls are bounded by IDS and you correlate both aspects with your firewall logs you have a clearer picture of what your threats look like.

    >
    >Dear List
    >
    >I have moved into an organization that has two RealSecure Network Sensors
    >and a network architecture that is VLANd/DMZd to where localized deployment
    >to capture traffic would require 8 to 12 sensors to avoid bridging loops.
    >
    >The cheapest/simplest option (without deploying SNORT/Prelude, etc - the
    >organization wants to remain on a single application architecture where
    >possible) is to place the two sensors outside of the firewall.
    >
    >I understand that this means:
    >- The sensors will be in hostile territory and need to be maintained to a very
    >  high degree
    >- There will be an operations overhead of dealing with all of the noise that
    >  would normally be filtered by a firewall
    >
    >Does anyone have experience of doing this?
    >Are there any other issues that I have not considered?
    >
    >Chris
    >
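
The correlation the reply describes, as an added example that is not part of the original post: each outside-sensor alert is matched by flow and time window against firewall log entries and inside-sensor alerts to show what actually got through. The event format, field names, verdict labels and sample data are constructed for illustration (not RealSecure or firewall output), and the matching assumes the firewall does not rewrite addresses (no NAT).

```python
from collections import namedtuple

# Hypothetical normalized record: detail is a signature name for sensor
# alerts and the action ("accept"/"deny") for firewall log entries.
Event = namedtuple("Event", "ts src dst dport detail")

# Constructed sample data using documentation address ranges.
OUTSIDE_ALERTS = [
    Event(100, "198.51.100.7", "203.0.113.10", 80, "web-attack-sig"),
    Event(105, "198.51.100.7", "203.0.113.10", 445, "smb-probe-sig"),
    Event(110, "198.51.100.9", "203.0.113.20", 25, "smtp-overflow-sig"),
    Event(120, "198.51.100.3", "203.0.113.30", 22, "ssh-scan-sig"),
]
FIREWALL_LOG = [
    Event(100, "198.51.100.7", "203.0.113.10", 80, "accept"),
    Event(105, "198.51.100.7", "203.0.113.10", 445, "deny"),
    Event(111, "198.51.100.9", "203.0.113.20", 25, "accept"),
]
INSIDE_ALERTS = [
    Event(101, "198.51.100.7", "203.0.113.10", 80, "web-attack-sig"),
]

def flow(e):
    return (e.src, e.dst, e.dport)

def near(events, alert, window):
    """Events on the same flow within +/- window seconds of the alert."""
    return [e for e in events
            if flow(e) == flow(alert) and abs(e.ts - alert.ts) <= window]

def correlate(outside, firewall, inside, window=5):
    """Label each outside alert with what the firewall and inside sensor saw."""
    results = []
    for alert in outside:
        fw = near(firewall, alert, window)
        if not fw:
            verdict = "no-firewall-record"      # logging gap or clock skew
        elif all(e.detail != "accept" for e in fw):
            verdict = "blocked"                 # noise: stopped at the firewall
        elif near(inside, alert, window):
            verdict = "passed-and-seen-inside"  # real exposure, confirmed
        else:
            verdict = "passed-not-seen-inside"  # possible inside coverage gap
        results.append((alert, verdict))
    return results

if __name__ == "__main__":
    for alert, verdict in correlate(OUTSIDE_ALERTS, FIREWALL_LOG, INSIDE_ALERTS):
        print(f"{alert.src} -> {alert.dst}:{alert.dport} {alert.detail}: {verdict}")
```
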