[ previous ] [ next ] [ threads ]
 
 From:  "Oliver Kainz" <oliver dot kainz at myez dot info>
 To:  <m0n0wall at lists dot m0n0 dot ch>
 Subject:  AW: [m0n0wall] Re: m0n0wall + Snort
 Date:  Mon, 20 Jun 2005 22:39:29 +0200
>>Adriel T. Desautels wrote:
>> Actually,
>>    In my expereince its not a very good idea to install an IDS on a
>> firewall device. Fact of the matter is an IDS device should have as
>> much processing power as you an give it to help reduce false positives
>> and false negatives (assuming heavy load and a good NIC). Increased
>> usage of the CPU from other services, such as firewalls, reduce the
>> amount of cycles that the IDS will have
>> and as such reduce its performance. Anyone else feel the same way?

>What you think makes sense.  However, for a small business with an idle
firewall like
>mine, it might be a good idea.  Having a traffic sniffer that is not on
the firewall
>increases the costs a lot.  You need a separate machine, a tap or a
switch with a mirror
>port.

IDS on a firewall is not NEW, take a look an D-Link "DFL-200 and DFL-700"
Or the Netgear "FVS ProSafe-VPN-Firewall" Datasheet.
The have included an (N)IDS.
I think no Firewall is secure alone without an IDS.

BR
Oliver
smime.p7s (5.0 KB, application/x-pkcs7-signature)