Nmap Security Scanner
*Intro
*Ref Guide
*Install Guide
*Download
*Changelog
*Book
*Docs
Security Lists
*Nmap Hackers
*Nmap Dev
*Bugtraq
*Full Disclosure
*Pen Test
*Basics
*More
Security Tools
*Pass crackers
*Sniffers
*Vuln Scanners
*Web scanners
*Wireless
*Exploitation
*Packet crafters
*More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:
edgeos



Firewall Wizards: Re: FW appliance comparison - Seeking input for the forum

Re: FW appliance comparison - Seeking input for the forum

From: R. DuFresne <dufresne_at_sysinfo.com>
Date: Sun, 29 Jan 2006 21:44:21 -0500 (EST)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Wed, 25 Jan 2006, Devdas Bhagat wrote:

> On 23/01/06 18:30 -0500, Paul D. Robertson wrote:
>> On Sun, 22 Jan 2006, Devdas Bhagat wrote:
>>
>>> Isn't auditing against a policy exactly what an IDS is supposed to do?
>>
>> Not that I've ever seen. Everything I've seen says they look for
>> known-bad-stuff and produce alerts and false positives.
>>
>> ;)
>>
> <chorus> BOO! </chorus>
>
>>> It also verifies that your security policy has been implemented
>>> correctly at the firewall(s).
>>
>> As I said, in an ideal world, sure- however I've yet to see an IDS that
>> really and truly knows how to even express policy, let alone check against
>> it (unless your policy is "no bad stuff the IDS can find!") Heck, I've
>> yet to see real policy<->firewall rule mapping done in an effective way
>> without a human.
>>
> I suspect that my terminology has gotten disconnected with the marketing
> driven real world again.
>
> To me an IDS is not necessarily something that listens on the network
> only. Stuff that looks at the integrity of files on hosts, stuff that
> monitors and analyzes logs is part of the IDS too. The IDS is not a
> simple, single application, but a set of applications which work
> together to show the differences between operational and ideal
> implementations.
>
> A NIDS, or a HIDS is a part of the above, but is definitely not sufficient
> by itself.

I've seen this offered asa more total solution, LURQH <sp?!> does this as
core to their MSSP offering, but I have not seen any IDS/NIDS/HIDS that
truly goes that far. You have pointers to products that provided log
analysis as well as traffic monitoring for anomalies?

Thanks,

Ron DuFresne
- --
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         admin & senior security consultant: sysinfo.com
                         http://sysinfo.com
Key fingerprint = 9401 4B13 B918 164C 647A E838 B2DF AFCC 94B0 6629

...We waste time looking for the perfect lover
instead of creating the perfect love.

                 -Tom Robbins <Still Life With Woodpecker>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)

iD8DBQFD3X2Ist+vzJSwZikRAnjhAKCfPoa2b0JVht/3aY/Oe4IKeVdnngCgrc9s
puMFkJRZORAejuv0kC+05jY=
=Nl2Y
-----END PGP SIGNATURE-----
_______________________________________________
firewall-wizards mailing list
firewall-wizards_at_honor.icsalabs.com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
Received on Feb 01 2006

[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]