TO UNSUBSCRIBE: email "unsubscribe issforum" in the body of your message to
[EMAIL PROTECTED] Contact [EMAIL PROTECTED] for help with any problems!
----------------------------------------------------------------------------
My philosophy is similar. My default placement would be on the network
segment my most valuable data and resources are attached to. ISS folks I
have talked to like the ID engine ahead of and behind the firewall....but,
again, with 75%+ unwanted activity behind the FW, I still like the ID engine
snooping in stealth mode behind the FW on a critical LAN segment.
Jim Bridge
-----Original Message-----
From: John Sharkey
To: [EMAIL PROTECTED]; [EMAIL PROTECTED]; [EMAIL PROTECTED]
Sent: 4/24/00 6:04 PM
Subject: Re: Real Secure:Question
TO UNSUBSCRIBE: email "unsubscribe issforum" in the body of your message
to
[EMAIL PROTECTED] Contact [EMAIL PROTECTED] for help with any
problems!
------------------------------------------------------------------------
----
Timothy or ISS:
Is it the ISS position that a disgruntled employee is less dangerous
than an
external hacker? My source code being stolen is pretty high on my
scale.
>From: Timothy Trow <[EMAIL PROTECTED]>
>To: Jeferson Stabille <[EMAIL PROTECTED]>, "[EMAIL PROTECTED]"
><[EMAIL PROTECTED]>
>Subject: Re: Real Secure:Question
>Date: Thu, 20 Apr 2000 15:06:58 -0700 (PDT)
>
>
>TO UNSUBSCRIBE: email "unsubscribe issforum" in the body of your
message to
>[EMAIL PROTECTED] Contact [EMAIL PROTECTED] for help with any
>problems!
>-----------------------------------------------------------------------
-----
>
>Hi,
>
>It really depends. For the nost part, the engine should be placed on
>the outside of the firewall (somewhere between the internet router and
>the external interface of the firewall). It should also be in
>promiscous mode and possibly another card with access to your internal
>lan or vlan or what not. This will allow you to monitor in coming
>traffic before it gets in. If the engine was placed internal if may be
>too late. On the otherhand, most attacks are from the inside, yet you
>must look at whether or not these are really the most harmful. I would
>have to say that most HARMFUL attacks will originate from the outside.
>If possible, have a couple engines and sensors throughout your entire
>network convering all the bases as best as you can. Take it for what
>it's worth and hopefully this helps!
>
>Reagards,
>
>Tim
>--- Jeferson Stabille <[EMAIL PROTECTED]> wrote:
> >
> > TO UNSUBSCRIBE: email "unsubscribe issforum" in the body of your
> > message to
> > [EMAIL PROTECTED] Contact [EMAIL PROTECTED] for help with any
> > problems!
> >
>-----------------------------------------------------------------------
-----
> >
> > Hey,
> >
> > I already installed several IDS systems, and in the most time I
> > installed
> > this systems before the Firewall.
> >
> > But according to the FBI 70% of attacks was internal attacks and in
> > the most
> > of cases the Firewall blocks the most part of external attacks, in
> > ohter
> > words, what's the the right position of Real Secure, before or after
> > the
> > Firewall.
> >
> > Regards,
> >
> > Jeferson Stabille
> >
> >
> >
> >
>
>__________________________________________________
>Do You Yahoo!?
>Send online invitations with Yahoo! Invites.
>http://invites.yahoo.com
>
>
________________________________________________________________________
Get Your Private, Free E-mail from MSN Hotmail at http://www.hotmail.com
