Brian Ford wrote:
>
>
> The technically interesting part is the inclusion of IDS sensor technology in a
>Catalyst
> blade, several IOS trains and soon PIX firewall builds. So now you can have a
>dedicated
> sensor, sensor in a router, sensor in a switch, or sensor in a firewall. Gee whiz,
>you
> can have a sensor just about anywhere you need it!
>
I don't know so much details about how your products are builded and
designed, but... Don't you think that using the same box as a
Firewall/router/switch and as IDS could overload the device (the box)???
As far as I know (from texts like "Intrusion Detection" -Amoroso, and
"Building Internet Firewalls" -Chapman/Zwicky ) both elements complement
each other, but I see a bit dangerous relying in the same box to do both
thing. Processor speeds, software complexity and single-points-of-failure
are some considerations that comes to my mind... :-)
Just an opinion... :-) Best regards...
--
Martin Humberto Hoz Salvador
Information Security Consultant (ISS ICU, Check Point CCSE)
C I T I
Sendero Sur 285 Col. Contry, Monterrey, Nuevo Leon 64860, MEXICO
Phone: +(52)(8) 357-2267 x135 Fax: +(52)(8) 357-8047
E-mail: [EMAIL PROTECTED] WWW: http://www.citi.com.mx
PGPKey ID: 0x0454E8D9 ICQ Number: 31631540
--------------------------------------------------------------------
Seguridad en Computo 2000 Mexico - Computer Security 2000 Mexico
http://www.seguridad2000.unam.mx
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
