TO UNSUBSCRIBE: email "unsubscribe issforum" in the body of your message to
[EMAIL PROTECTED] Contact [EMAIL PROTECTED] for help with any problems!
----------------------------------------------------------------------------
Actually there are many different architectures one can deploy ISS Real
Secure. One is to deploy a sensor/detector on the same segment as the DMZ
to verify both the external perimeter router, and the firewall, and then a
sensor/detector is placed on the inside segment that connect the firewall
to the internal network. With this type of sensor/detector deployment, one
can craft a comparison report to verify that unwanted traffic is not
getting past your firewall..
/m
At 07:08 AM 4/26/00 -0400, Bridge, Jim wrote:
>TO UNSUBSCRIBE: email "unsubscribe issforum" in the body of your message to
>[EMAIL PROTECTED] Contact [EMAIL PROTECTED] for help with any problems!
>----------------------------------------------------------------------------
>
> My philosophy is similar. My default placement would be on the network
>segment my most valuable data and resources are attached to. ISS folks I
>have talked to like the ID engine ahead of and behind the firewall....but,
>again, with 75%+ unwanted activity behind the FW, I still like the ID engine
>snooping in stealth mode behind the FW on a critical LAN segment.
>
>Jim Bridge
>
>-----Original Message-----
>From: John Sharkey
>To: [EMAIL PROTECTED]; [EMAIL PROTECTED]; [EMAIL PROTECTED]
>Sent: 4/24/00 6:04 PM
>Subject: Re: Real Secure:Question
>
>
>TO UNSUBSCRIBE: email "unsubscribe issforum" in the body of your message
>to
>[EMAIL PROTECTED] Contact [EMAIL PROTECTED] for help with any
>problems!
>------------------------------------------------------------------------
>----
>
>Timothy or ISS:
>
>Is it the ISS position that a disgruntled employee is less dangerous
>than an
>external hacker? My source code being stolen is pretty high on my
>scale.
>
>
> >From: Timothy Trow <[EMAIL PROTECTED]>
> >To: Jeferson Stabille <[EMAIL PROTECTED]>, "[EMAIL PROTECTED]"
> ><[EMAIL PROTECTED]>
> >Subject: Re: Real Secure:Question
> >Date: Thu, 20 Apr 2000 15:06:58 -0700 (PDT)
> >
> >
> >TO UNSUBSCRIBE: email "unsubscribe issforum" in the body of your
>message to
> >[EMAIL PROTECTED] Contact [EMAIL PROTECTED] for help with any
> >problems!
> >-----------------------------------------------------------------------
>-----
> >
> >Hi,
> >
> >It really depends. For the nost part, the engine should be placed on
> >the outside of the firewall (somewhere between the internet router and
> >the external interface of the firewall). It should also be in
> >promiscous mode and possibly another card with access to your internal
> >lan or vlan or what not. This will allow you to monitor in coming
> >traffic before it gets in. If the engine was placed internal if may be
> >too late. On the otherhand, most attacks are from the inside, yet you
> >must look at whether or not these are really the most harmful. I would
> >have to say that most HARMFUL attacks will originate from the outside.
> >If possible, have a couple engines and sensors throughout your entire
> >network convering all the bases as best as you can. Take it for what
> >it's worth and hopefully this helps!
> >
> >Reagards,
> >
> >Tim
> >--- Jeferson Stabille <[EMAIL PROTECTED]> wrote:
> > >
> > > TO UNSUBSCRIBE: email "unsubscribe issforum" in the body of your
> > > message to
> > > [EMAIL PROTECTED] Contact [EMAIL PROTECTED] for help with any
> > > problems!
> > >
> >-----------------------------------------------------------------------
>-----
> > >
> > > Hey,
> > >
> > > I already installed several IDS systems, and in the most time I
> > > installed
> > > this systems before the Firewall.
> > >
> > > But according to the FBI 70% of attacks was internal attacks and in
> > > the most
> > > of cases the Firewall blocks the most part of external attacks, in
> > > ohter
> > > words, what's the the right position of Real Secure, before or after
> > > the
> > > Firewall.
> > >
> > > Regards,
> > >
> > > Jeferson Stabille
> > >
> > >
> > >
> > >
> >
> >__________________________________________________
> >Do You Yahoo!?
> >Send online invitations with Yahoo! Invites.
> >http://invites.yahoo.com
> >
> >
>
>________________________________________________________________________
>Get Your Private, Free E-mail from MSN Hotmail at http://www.hotmail.com
>
>
