[ previous ] [ next ] [ threads ]
 From:  "Adriel T. Desautels" <atd at secnetops dot com>
 To:  oliver dot kainz at myez dot info
 Cc:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: AW: AW: [m0n0wall] Re: m0n0wall + Snort
 Date:  Mon, 20 Jun 2005 19:24:31 -0400
    Perhaps I am not being clear. I understand that both IDS and firewalls are
useful. I also understand that firewalls are near mandatory and IDS 
systems are
not mandatory. It is my opinion that IDS systems provide higher levels of
awareness to network administrators but do not directly increase the security
of a network.

    I say this because IDS systems can be easily evaded in particular if they
are only NIDS based. Having said that I don't want to bash IDS systems here
because they really are great, and do provide functions that standard 
can not provide. In fact, they've saved my ass on more than one ocasion.

    Having said that, just because there is a market for IDS + FW packages does
not mean that the vendors are right. It just means that people will buy such a
package. I am still of the opinion that IDS + Firewalls should be separate
devices if they are going to be taken seriously. The fact is that 
combining the
two impacts accuracy and performance. If I am wrong, prove it to me.

----- Message from oliver dot kainz at myez dot info ---------
    Date: Tue, 21 Jun 2005 00:39:13 +0200
    From: Oliver Kainz <oliver dot kainz at myez dot info>
Reply-To: oliver dot kainz at myez dot info
Subject: AW: AW: [m0n0wall]  Re: m0n0wall + Snort
      To: m0n0wall at lists dot m0n0 dot ch

> Adriel,
> D-Link and Netgear are no references, only products that have IDS or a
> little part of IDS function.
> IPCOp also has this Function, and Watchguard on the new product "Fireware
> Pro" also ad an proactive service AV/IPS.
> Micro Liss FL II320  from Telco-Tech also have an IDS.
> I don't say that an IDS is the one and only.
> But Sebastian Schreiber from SySS (Germany) have shown that an Firewall
> only could be leak.
> BR
> Oliver Kainz

----- End message from oliver dot kainz at myez dot info -----

     Adriel T. Desautels
     Secure Network Operations, Inc.

Secure Network Operations - http://www.secnetops.com