Network Security Focus-IDS

Re: IDS deployment outside FW?

Subject: Re: IDS deployment outside FW?
Date: 9 Aug 2004 21:50:01 -0000
In-Reply-To: <BAY19-F385a0q6AGvN4000177b6@hotmail.com>

Having your IDS on the outside of your firewalls does not tell you what is 
getting through your firewalls. It does not help you from an IDS perspective... 
just assume that everything is going to hit the outside of your firewall (every 
random sweep or port scan). If your firewalls are bounded by IDS and you 
correlate both aspects with your firewall logs you have a clearer picture of 
what your threats look like.


Dear List

I have moved into an organization that has two RealSecure Network Sensors 
and a network architecture that is VLANd/DMZd to where localized deployment 
to capture traffic would require 8 to 12 sensors to avoid bridging loops.

The cheapest/simplest option (without deploying SNORT/Prelude, etc - the 
organization wants to remain on a single application architecture where 
possible) is to place the two sensors outside of the firewall.

I understand that this means:
- The sensors will be in hostile territory and need to be maintained to a very 
  high degree
- There will be an operations overhead of dealing with all of the noise that 
  would normally be filtered by a firewall

Does anyone have experience of doing this?
Are there any other issues that I have not considered?

Chris
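
The correlation the reply describes (sensors on both sides of the firewall, read together with the firewall logs), as an added example that is not part of the original thread. The event fields, the 5-second window and all sample records are constructed, and it assumes no address translation between the two sensors.

```python
from collections import namedtuple

# One record shape for sensor alerts and firewall log lines (assumed format).
Event = namedtuple("Event", "ts src dst dport detail")

# Constructed sample data using documentation address ranges.
OUTSIDE_ALERTS = [
    Event(100, "198.51.100.7", "203.0.113.10", 80, "HTTP directory traversal"),
    Event(105, "198.51.100.7", "203.0.113.10", 445, "SMB probe"),
    Event(130, "198.51.100.9", "203.0.113.25", 25, "SMTP overflow attempt"),
]
FIREWALL_LOG = [
    Event(100, "198.51.100.7", "203.0.113.10", 80, "ACCEPT"),
    Event(105, "198.51.100.7", "203.0.113.10", 445, "DROP"),
    Event(130, "198.51.100.9", "203.0.113.25", 25, "ACCEPT"),
]
INSIDE_ALERTS = [
    Event(101, "198.51.100.7", "203.0.113.10", 80, "HTTP directory traversal"),
]

WINDOW = 5  # seconds of clock skew tolerated between devices (assumption)


def _match(event, candidates):
    """Return the first candidate on the same flow within WINDOW seconds."""
    for c in candidates:
        same_flow = (c.src, c.dst, c.dport) == (event.src, event.dst, event.dport)
        if same_flow and abs(c.ts - event.ts) <= WINDOW:
            return c
    return None


def triage(outside, firewall, inside):
    """Classify each outside-sensor alert by what happened at the firewall."""
    results = []
    for alert in outside:
        fw = _match(alert, firewall)
        seen_inside = _match(alert, inside) is not None
        if fw is None:
            verdict = "no-firewall-record"
        elif fw.detail != "ACCEPT":
            verdict = "blocked-but-seen-inside" if seen_inside else "blocked"
        elif seen_inside:
            verdict = "passed-and-detected-inside"
        else:
            verdict = "passed-not-detected-inside"
        results.append((alert.detail, verdict))
    return results
```

Alerts classified as "blocked" are the noise the original post expects from an outside sensor; the "passed" verdicts are the ones that only become visible once the inside sensor and firewall log are read alongside it.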



