 From:  Marko Vukovic <marko at aquamanta dot co dot za>
 To:  m0n0wall <m0n0wall at lists dot m0n0 dot ch>
 Subject:  Re: [m0n0wall] IDS
 Date:  Mon, 30 Jan 2006 21:46:12 +0200
Sean Waite wrote:
> Well in that sense you could say that as well regarding VPN, it's not part of the firewall's job.
> But I would argue that IDS is of more relevance to a firewall than VPN capability. In fact, the
> number one request now we have from clients is IDS, VPN is secondary.
> Although I do understand your point, a web proxy can be run separately, I think a lot of users
> would appreciate IDS added to monowall.
> At the very least it is one less box to have to muck with.

I dunno about that. As an administrator, one would place an IDS 
depending on what one's network topology is and what one wants to 
monitor, which is obviously different for each organization.

One might want an IDS sensor outside the firewall, only in the DMZ or 
internal LAN or all of the above and more.

Having an IDS as part of a firewall system limits this choice and also 
places extra load on the machine.

Let's please leave this off the m0n0wall. Install your Snort/whatever 
sensor on a separate machine!