Hi!
On Wed, Jan 18, 2006 at 01:04:45PM +0500, sai wrote:
> Why would you want an
> IDS on the same machine as a firewall? It's not going to work. It will
> not have enough signatures to give you the sort of security you need.
Why would you want a signature based IDS at all? They don't work.
Period. Enumerating badness is a silly idea.
Develop a policy that explicitly defines every kind of network
traffic that is to be allowed to pass your perimeter. Application
X using a "proprietary protocol"? Sorry, not allowed.
Then use a firewall that only passes what is explicitly
allowed and raises an alarm for everything that isn't.
*Boom* as Steve Jobs would probably put it. Instant heuristic
proactive unknown and future attack aware IDS.
BTW:
http://www.ranum.com/security/computer_security/editorials/deepinspect/
HTH,
Patrick
--
punkt.de GmbH Internet - Dienstleistungen - Beratung
Vorholzstr. 25 Tel. 0721 9109 -0 Fax: -100
76137 Karlsruhe http://punkt.de
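One way to put the "explicit allow list, alarm on everything else" policy from the message above into a concrete firewall ruleset, as an added example that is not part of the original thread: a small POSIX shell function renders an nftables script from a constructed allow list, logs any unmatched new flow (that log line is the alarm) and lets the chain's default policy drop it. The allow list, log prefixes and rate limit are assumptions for illustration.

```shell
#!/bin/sh
# Added example: render an nftables forward-chain ruleset that passes only
# explicitly listed flows and raises an alarm (log entry) for anything else.
# Constructed allow list, one flow per line: "<proto> <dport> <description>".
ALLOW_LIST='tcp 25 smtp-to-relay
tcp 443 https-to-partner-api
udp 53 dns-to-resolver'

render_ruleset() {
  # Emits an nft script on stdout; a firewall admin would apply it with: nft -f <file>
  printf 'table inet perimeter {\n'
  printf '  chain forward {\n'
  # Default policy is drop: nothing passes unless a rule below accepts it.
  printf '    type filter hook forward priority 0; policy drop;\n'
  # Replies to already accepted flows are fine; malformed state is alarmed and dropped.
  printf '    ct state established,related accept\n'
  printf '    ct state invalid log prefix "PERIMETER-INVALID " drop\n'
  # One accept rule per explicitly allowed flow, annotated with its purpose.
  echo "$ALLOW_LIST" | while read -r proto port desc; do
    [ -n "$proto" ] || continue
    printf '    %s dport %s ct state new accept comment "%s"\n' "$proto" "$port" "$desc"
  done
  # Everything not matched above: log it (the alarm), rate limited so a flood
  # cannot fill the log; the chain policy then drops it.
  printf '    limit rate 10/second log prefix "PERIMETER-UNKNOWN "\n'
  printf '  }\n'
  printf '}\n'
}

render_ruleset
```

Watching the "PERIMETER-UNKNOWN" prefix in the kernel log is the alarm the message describes: it fires for any traffic the policy never anticipated, whether or not a signature exists for it.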
_______________________________________________
firewall-wizards mailing list
firewall-wizards_at_honor.icsalabs.com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
Received on Jan 18 2006