 From:  "Michael C. Ibarra" <ibarra at hawk dot com>
 To:  FiL <fil at kpoxa dot org>
 Cc:  sai <sonicsai at gmail dot com>, m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] IDS
 Date:  Thu, 26 Jan 2006 14:52:59 -0500
I agree. Preferably the snort binary with the one or two mysql libs it
requires so that it can send all of its alerts to another machine's DB
and/or flatfile. Would this overtax your m0n0 box? Well, are we
telling people to only deploy m0n0 on a small box like a soekris?  
Personally, I'd prefer to split my sensor from my firewall, but I've  
seen cases where keeping them together may have made sense, assuming  
the hardware supported it.

-mike

Quoting FiL <fil at kpoxa dot org>:

> 1. You have to look after IDS, but not to worry about another box
> (power, network, computer components).
> 2. IDS sensor doesn't need much CPU or HDD. And one of the major places
> for IDS sensor is the firewall.
> I think that IDS sensor capabilities should be added to m0n0wall at
> some point. I'm not talking about IDS host,
> just about sensor.
>
> FiL.
>
> sai wrote:
>
>> On 1/26/06, Sean Waite <swaite at sbn dash services dot com> wrote:
>> <snip>
>>> At the very least it is one less box to have to muck with.
>>
>>> Sean Waite
>>>
>>
>> [1] This is a major fallacy. You have to look after the IDS whether
>> it's on the firewall box or on its own.
>> [2] An IDS should be connected to lots of different places on your
>> network and needs to have a massive CPU and hard disk.
>> A firewall needs a low end cpu and no hard disk. It is connected to
>> one place.
>> Totally different machines. Totally different purpose.
>>
>> Just because the customer wants it does not mean you should give it to
>> them. As professionals you should educate them about the correct way
>> of doing things.
>> Yes, I know all-in-one IDS-anti-spam-anti-virus-VPN-kitchen-sink sells,
>> and is easy to sell but it is WRONG.
>>
>> sai
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: m0n0wall dash unsubscribe at lists dot m0n0 dot ch
>> For additional commands, e-mail: m0n0wall dash help at lists dot m0n0 dot ch