TO UNSUBSCRIBE: email "unsubscribe issforum" in the body of your message to
[EMAIL PROTECTED] Contact [EMAIL PROTECTED] for help with any problems!
----------------------------------------------------------------------------
Another thing to keep in mind is that while a firewall can stop unwanted
traffic (like blocking port 80 if you do not allow HTTP traffic) it does not
stop attacks over allowed ports. So if you are allowing Port 80 to x number
of webservers, then all of those servers can be attacked via HTTP, so
catching the attack as early as possible is critical.
Hope this also helps.
Cheers,
brian
-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
Timothy Trow
Sent: 20 April 2000 11:07 PM
To: Jeferson Stabille; [EMAIL PROTECTED]
Subject: Re: Real Secure:Question
TO UNSUBSCRIBE: email "unsubscribe issforum" in the body of your message to
[EMAIL PROTECTED] Contact [EMAIL PROTECTED] for help with any
problems!
----------------------------------------------------------------------------
Hi,
It really depends. For the nost part, the engine should be placed on
the outside of the firewall (somewhere between the internet router and
the external interface of the firewall). It should also be in
promiscous mode and possibly another card with access to your internal
lan or vlan or what not. This will allow you to monitor in coming
traffic before it gets in. If the engine was placed internal if may be
too late. On the otherhand, most attacks are from the inside, yet you
must look at whether or not these are really the most harmful. I would
have to say that most HARMFUL attacks will originate from the outside.
If possible, have a couple engines and sensors throughout your entire
network convering all the bases as best as you can. Take it for what
it's worth and hopefully this helps!
Reagards,
Tim
--- Jeferson Stabille <[EMAIL PROTECTED]> wrote:
>
> TO UNSUBSCRIBE: email "unsubscribe issforum" in the body of your
> message to
> [EMAIL PROTECTED] Contact [EMAIL PROTECTED] for help with any
> problems!
>
----------------------------------------------------------------------------
>
> Hey,
>
> I already installed several IDS systems, and in the most time I
> installed
> this systems before the Firewall.
>
> But according to the FBI 70% of attacks was internal attacks and in
> the most
> of cases the Firewall blocks the most part of external attacks, in
> ohter
> words, what's the the right position of Real Secure, before or after
> the
> Firewall.
>
> Regards,
>
> Jeferson Stabille
>
>
>
>
__________________________________________________
Do You Yahoo!?
Send online invitations with Yahoo! Invites.
http://invites.yahoo.com
