> tri-homed firewall, more so if you have IDS sensors at exterior, dmz,
> and interior, and the time to monitor them.

Changing subjects a little bit here.  I agree with your IDS comment, 
but I'm curious about how your external IDS is used.  

I've run into differing opinions on this (as I do with most things 
security-related ;-), but I don't think that I would want the external 
IDS monitoring incoming traffic.  Why?  Because it would be going 
off all the time.  As many times as we're probed during the day, the 
IDS sensor would be in a constant state of sending alerts.  Yes, you 
could adjust the rules to reduce this, but then what is the point of 
having the IDS sensor there?  However, I believe the external IDS 
sensor should be there to monitor traffic leaving your external 
firewall so you can see if one of your internal or DMZ hosts has 
been compromised.  

What do you think?

Steve Bremer
NEBCO, Inc.
System & Security Administrator
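
The egress-only monitoring idea from the message above, sketched as an added example that is not part of the original post: inbound probes are counted but not alerted on, and only connections initiated by internal or DMZ hosts that fall outside an expected egress policy raise alerts. The address ranges, policy table and flow records are all constructed, and the sketch assumes the sensor's records show the initiating host's un-NATed address.

```python
import ipaddress

# Constructed address plan (assumption, not from the post).
INTERNAL = ipaddress.ip_network("10.0.0.0/8")
DMZ = ipaddress.ip_network("192.0.2.0/24")

# Hypothetical egress policy: (source zone, destination port) pairs
# that are expected to leave the external firewall.
EXPECTED_EGRESS = {
    (INTERNAL, 80), (INTERNAL, 443), (INTERNAL, 53),
    (DMZ, 25), (DMZ, 53),
}

# Constructed connection-start records: "initiator destination dport".
SAMPLE_FLOWS = """\
203.0.113.7 192.0.2.10 80
198.51.100.23 192.0.2.10 22
198.51.100.23 192.0.2.11 22
10.1.4.20 203.0.113.50 443
192.0.2.25 198.51.100.9 25
192.0.2.10 198.51.100.77 6667
10.1.4.33 203.0.113.99 31337
"""

def zone(addr):
    """Return the local zone an address belongs to, or None if external."""
    ip = ipaddress.ip_address(addr)
    for net in (INTERNAL, DMZ):
        if ip in net:
            return net
    return None

def triage(flows_text):
    """Return (inbound connections ignored, list of unexpected egress alerts)."""
    inbound_ignored, alerts = 0, []
    for line in flows_text.splitlines():
        if not line.strip():
            continue
        src, dst, dport = line.split()
        src_zone = zone(src)
        if src_zone is None:
            inbound_ignored += 1      # external initiator: probe noise, no alert
        elif zone(dst) is None and (src_zone, int(dport)) not in EXPECTED_EGRESS:
            alerts.append((src, dst, int(dport)))  # local host, unexpected egress
    return inbound_ignored, alerts

if __name__ == "__main__":
    ignored, alerts = triage(SAMPLE_FLOWS)
    print(f"inbound ignored: {ignored}")
    for src, dst, dport in alerts:
        print(f"ALERT unexpected egress {src} -> {dst}:{dport}")
```
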
