TO UNSUBSCRIBE: email "unsubscribe issforum" in the body of your message to
[EMAIL PROTECTED] Contact [EMAIL PROTECTED] for help with any problems!
----------------------------------------------------------------------------
Of course, if the 'detector' port is not properly configured and stays open
to 'attack', the protection afforded by having the reporting connection tied
behind the firewall may leave a 'path of least resistance' avoiding any
firewall controls set up.
The 'best' configuration to place an Intrusion Detection System outside the
zone of control may be to have the 'Out of Band' network which
only connects detectors with a controlling console. This is more cumbersome
but better able to protect your Intranet.
Rod P
-----Original Message-----
From: netboss [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, July 18, 2000 11:18 AM
To: ISS Mailing List
Cc: [EMAIL PROTECTED]
Subject: Reals Secure 5.0
Mackarthur,
Take a look in the Installation Guide at what ISS terms a "stealth"
configuration for your network engine. In this config your sensor doesn't
talk *through* your firewall. It sits protected *behind* your firewall
while monitoring the outside. The point to consider is the protection of
your sensor while it lives out in the hostile environment we call the
Internet. On the outside it's open to attack and once compromised becomes a
path into your network via the ports you open through your firewall.
Cheers,
netboss
>----------------------------------------------------------------------------
>
>We are in the process of procuring RS 5.0 and I have a question regarding
>deployment. We use Gauntlet 4.2 (we are just now upgrading to 5.0) as
>our firewall product. Our firewalls proxy the internal network to the
>Internet. Our production network consists of private class IPs. If we put
>a network sensor in front of each firewall, will we have a problem getting
>information to the workgroup managers since it has to go through our
>firewall? Do we have to allow certain TCP/UDP packets through?
>
>From everything I've read and what little I know, it can be accomplished
>relatively easily. I am just trying to "answer the mail."
>
>Any help/advice is appreciated.
>
>Cheers,
>
>Mackarthur