IDS Archives: IDS: Combining IDS and firewalls

IDS: Combining IDS and firewalls


Bill Royds (broydshome.com)
Sat, 11 Sep 1999 10:50:57 -0400


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Has anyone any experience in combining firewalls with IDS? Several commercial Intrusion Detection systems can generate new firewall rules on the fly to block the possible intrusion. Has anyone used this and has had good or bad experience with it?

As well, are there any systems to combine the firewall logging with IDS logging to generate more complete summaries of an attack? Since a firewall may block part of the intruder's attack but not block the part that the IDS sees, we need both sets of logs to analyse the nature of the attack.

Bill Royds
Internet Security Manager
Department of Canadian Heritage
15-5-F, 15 Eddy St.
Hull QC

phone: (819) 994-0507
email: postmasterpch.gc.ca

-----BEGIN PGP SIGNATURE----- Version: PGPfreeware 6.0.2i Comment: Bill Royds CAST

iQA/AwUBN9psUccYG6mh8NzqEQIoKwCfZO46bIqhLU/1drvhO36THUbeZxgAn1wH Edgb8vHUx4x3/6C8EWVvSHa7 =px/E -----END PGP SIGNATURE-----
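An added illustration of the log-combining idea raised in the message above (not part of the original post, and not any product's code): firewall and IDS records are merged per source address into time-bounded incidents, so the part the firewall dropped and the part the IDS saw appear in one summary. The log layout, field names and sample lines are constructed for the example.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample logs in a made-up "time src dst:port detail" layout.
FIREWALL_LOG = """\
1999-09-11T10:41:02 192.0.2.7 10.0.0.5:23 DENY
1999-09-11T10:41:03 192.0.2.7 10.0.0.5:111 DENY
1999-09-11T10:41:05 192.0.2.7 10.0.0.5:80 ACCEPT
1999-09-11T10:43:10 198.51.100.9 10.0.0.8:25 ACCEPT
1999-09-11T12:30:00 192.0.2.7 10.0.0.5:21 DENY
"""
IDS_LOG = """\
1999-09-11T10:41:06 192.0.2.7 10.0.0.5:80 suspicious-cgi-request
1999-09-11T10:41:09 192.0.2.7 10.0.0.5:80 suspicious-cgi-request
"""

def parse(text, sensor):
    """Yield (time, src, dst, sensor, detail) for each non-empty log line."""
    for line in text.splitlines():
        if line.strip():
            ts, src, dst, detail = line.split(maxsplit=3)
            yield (datetime.fromisoformat(ts), src, dst, sensor, detail)

def correlate(fw_text, ids_text, window=timedelta(minutes=5)):
    """Merge both logs per source and split each source into incidents."""
    by_src = defaultdict(list)
    for ev in list(parse(fw_text, "fw")) + list(parse(ids_text, "ids")):
        by_src[ev[1]].append(ev)
    incidents = []
    for src, events in by_src.items():
        events.sort()  # chronological order across both sensors
        group = [events[0]]
        for ev in events[1:]:
            if ev[0] - group[-1][0] > window:  # long gap: start a new incident
                incidents.append(summarize(src, group))
                group = []
            group.append(ev)
        incidents.append(summarize(src, group))
    return incidents

def summarize(src, group):
    """Count what the firewall dropped and what the IDS saw get through."""
    denied = [e for e in group if e[3] == "fw" and e[4] == "DENY"]
    alerts = [e for e in group if e[3] == "ids"]
    return {"src": src, "start": group[0][0], "end": group[-1][0],
            "fw_denied": len(denied), "ids_alerts": len(alerts),
            "partially_blocked": bool(denied and alerts),
            "timeline": [(e[0].isoformat(), e[3], e[2], e[4]) for e in group]}
```

An incident with `partially_blocked` set is the case the message describes: some probes were denied at the firewall while other traffic from the same source reached a host and raised an IDS alert.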



This archive was generated by hypermail 2.0b3 on Sat Sep 11 1999 - 22:12:11 CDT