TO UNSUBSCRIBE: email "unsubscribe issforum" in the body of your message to
[EMAIL PROTECTED] Contact [EMAIL PROTECTED] for help with any problems!
----------------------------------------------------------------------------
RealSecure IDS can function as back-up to your firewall by placing it just
inside the firewall. This shows what is getting through. If you set up email
notification and forward these notices to a pager you probably can keep up
and modify the firewall on the fly. I use RealSecure with RS Kills when
first detecting problems and then make decision to move IP blocks to
firewall or external router.
Personally I would like to have a second instance of RS IDS between my
external router and firewall to keep track of what IPs are probing and what
I should have blocked above the firewall.
Rod Pieper
-----Original Message-----
From: Timothy Trow [mailto:[EMAIL PROTECTED]]
Sent: Thursday, April 20, 2000 6:07 PM
To: Jeferson Stabille; [EMAIL PROTECTED]
Subject: Re: Real Secure:Question
TO UNSUBSCRIBE: email "unsubscribe issforum" in the body of your message to
[EMAIL PROTECTED] Contact [EMAIL PROTECTED] for help with any
problems!
----------------------------------------------------------------------------
Hi,
It really depends. For the nost part, the engine should be placed on
the outside of the firewall (somewhere between the internet router and
the external interface of the firewall). It should also be in
promiscous mode and possibly another card with access to your internal
lan or vlan or what not. This will allow you to monitor in coming
traffic before it gets in. If the engine was placed internal if may be
too late. On the otherhand, most attacks are from the inside, yet you
must look at whether or not these are really the most harmful. I would
have to say that most HARMFUL attacks will originate from the outside.
If possible, have a couple engines and sensors throughout your entire
network convering all the bases as best as you can. Take it for what
it's worth and hopefully this helps!
Reagards,
Tim
--- Jeferson Stabille <[EMAIL PROTECTED]> wrote:
>
> TO UNSUBSCRIBE: email "unsubscribe issforum" in the body of your
> message to
> [EMAIL PROTECTED] Contact [EMAIL PROTECTED] for help with any
> problems!
>
----------------------------------------------------------------------------
>
> Hey,
>
> I already installed several IDS systems, and in the most time I
> installed
> this systems before the Firewall.
>
> But according to the FBI 70% of attacks was internal attacks and in
> the most
> of cases the Firewall blocks the most part of external attacks, in
> ohter
> words, what's the the right position of Real Secure, before or after
> the
> Firewall.
>
> Regards,
>
> Jeferson Stabille
>
>
>
>
__________________________________________________
Do You Yahoo!?
Send online invitations with Yahoo! Invites.
http://invites.yahoo.com
