 From:  "FiL" <fil at kpoxa dot org>
 To:  "sai" <sonicsai at gmail dot com>
 Cc:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] IDS
 Date:  Thu, 26 Jan 2006 11:22:45 -0500
1. You have to look after the IDS, but you don't have to worry about another box
(power, network, computer components).
2. An IDS sensor doesn't need much CPU or HDD. And one of the major places
for an IDS sensor is the firewall.
I think that IDS sensor capabilities should be added to m0n0wall at some
point. I'm not talking about an IDS host,
just about a sensor.


sai wrote:

>On 1/26/06, Sean Waite <swaite at sbn dash services dot com> wrote:
><snip>
>> At the very least it is one less box to have to muck with.
>>Sean Waite
>[1] This is a major fallacy. You have to look after the IDS whether
>it's on the firewall box or on its own.
>[2] An IDS should be connected to lots of different places on your
>network and needs to have a massive CPU and hard disk.
>A firewall needs a low-end CPU and no hard disk. It is connected to one place.
>Totally different machines. Totally different purpose.
>Just because the customer wants it does not mean you should give it to
>them. As professionals you should educate them about the correct way
>of doing things.
>Yes, I know all-in-one IDS-anti-spam-anti-virus-VPN-kitchen-sink sells,
>and is easy to sell but it is WRONG.