Adriel T. Desautels wrote:

> Actually,
> In my experience it's not a very good idea to install an IDS on a
> firewall device. Fact of the matter is an IDS device should have as much
> processing power as you can give it to help reduce false positives and
> false negatives (assuming heavy load and a good NIC). Increased usage of
> the CPU from other services, such as firewalls, reduces the amount of
> cycles that the IDS will have and as such reduces its performance.
> Anyone else feel the same way?

What you think makes sense. However, for a small business with an idle firewall like mine, it might be a good idea. Having a traffic sniffer that is not on the firewall increases the costs a lot. You need a separate machine, a tap or a switch with a mirror port.

>
> ----- Message from don dot munyak at gmail dot com ---------
> Date: Mon, 20 Jun 2005 13:54:22 -0400
> From: Don Munyak <don dot munyak at gmail dot com>
> Reply-To: Don Munyak <don dot munyak at gmail dot com>
> Subject: Re: [m0n0wall] m0n0wall + Snort
> To: oliver dot kainz at myez dot info
>
>> I don't want to speak for the development team, but from my time spent
>> on this list server, the goal of m0n0wall is meant to stay lean.
>> M0n0wall is primarily a firewall and it looks like that's how it will
>> stay.
>>
>> - Don
>>
>> On 6/20/05, oliver dot kainz at myez dot info <oliver dot kainz at myez dot info> wrote:
>>
>>> Hi,
>>>
>>> Is there a plan to implement Snort as an NIDS into the m0n0wall in
>>> the future??
>>>
>>> BR
>>>
>>> Oliver