Re: Any IDS Recommendations?
From: Karl Levinson, mvp (levinson_k_at_despammed.com)
Date: 07/16/05
- Previous message: Karl Levinson, mvp: "Re: Any IDS Recommendations?"
- In reply to: S. Pidgorny: "Re: Any IDS Recommendations?"
- Next in thread: Phil Agcaoili: "Re: Any IDS Recommendations?"
Date: Sat, 16 Jul 2005 15:33:17 -0400
"S. Pidgorny <MVP>" <slavickp@yahoo.com> wrote in message
news:uaJrYUeiFHA.2904@tk2msftngp13.phx.gbl...
> I see you have managed to convince the auditors that DMZ isn't the best
> place to install the sensors because all traffic there is encrypted. However
> I might suggest that this creates an excellent opportunity to come up with
> tight IDS rule set: everything that is not on the list of (encrypted)
> protocols is potential security breach. And seriously consider internal
> network: first of all, NIDS will generate a lot of interesting information -
> like curious grads that believe they're h@x0rz and stuff like that. Secondly,
> the next IT security audit will require that anyway.
Note that internal networks can be as challenging to monitor and give as
many false alarms as putting sensors outside your firewall.
And encrypted traffic does not necessarily have to be impossible to monitor.
There are solutions that will let you unencrypt and monitor encrypted
traffic, if you feel it is in your best interest to do so.
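
The allowlist rule set suggested in the quoted message, sketched as an added example that is not part of the original thread: every flow touching the DMZ whose protocol and port are not on the list of expected encrypted services is reported. The DMZ range, the allowed services and the flow records are assumptions constructed for illustration.

```python
import ipaddress
from typing import NamedTuple


class Flow(NamedTuple):
    src: str
    dst: str
    proto: str  # "tcp", "udp" or "icmp"
    dport: int  # destination port of the initiating packet; 0 for ICMP


# Assumed for illustration: the DMZ range and the encrypted services allowed in it.
DMZ_NET = ipaddress.ip_network("192.0.2.0/24")
ALLOWED = {("tcp", 443), ("tcp", 22), ("udp", 500), ("udp", 4500)}


def touches_dmz(flow):
    """True if either endpoint of the flow is a DMZ address."""
    return any(ipaddress.ip_address(a) in DMZ_NET for a in (flow.src, flow.dst))


def unexpected_flows(flows):
    """Return every DMZ flow whose (protocol, port) is not on the allowlist."""
    return [f for f in flows
            if touches_dmz(f) and (f.proto.lower(), f.dport) not in ALLOWED]


# Constructed sample flow records, one per connection attempt.
SAMPLE = [
    Flow("198.51.100.7", "192.0.2.10", "tcp", 443),  # expected: HTTPS to DMZ host
    Flow("198.51.100.7", "192.0.2.10", "tcp", 80),   # cleartext HTTP, not listed
    Flow("192.0.2.10", "10.0.0.5", "tcp", 445),      # DMZ host initiating SMB inward
    Flow("10.0.0.8", "192.0.2.11", "tcp", 22),       # expected: SSH administration
    Flow("10.0.0.8", "10.0.0.9", "tcp", 80),         # internal only, out of scope here
    Flow("198.51.100.9", "192.0.2.10", "icmp", 0),   # ICMP, not listed
]

if __name__ == "__main__":
    for f in unexpected_flows(SAMPLE):
        print(f"ALERT unexpected {f.proto}/{f.dport}: {f.src} -> {f.dst}")
```

The check needs no payload inspection, so it works the same whether or not the permitted traffic is encrypted.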