
IDS: SV: Combining IDS and firewalls


Aronius Joakim (joakim.aroniusicl.se)
Mon, 13 Sep 1999 08:09:43 +0200


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Combining firewalls and IDS does give some neat features but it also
opens up some new vulnerabilities. It is for example trivial to
block access to any site only by scanning the fw with a spoofed
address. Rule no. 1: keep it simple...

Regards,
Joakim Aronius
_____________________________________________________
Joakim Aronius, ICL IT-Security
Linköping, Sweden

*** PGP Signature Status: unknown
*** Signer: Unknown, Key ID = 0xA1F0DCEA
*** Signed: 1999-09-11 17:50:56
*** Verified: 1999-09-13 07:58:08
*** BEGIN PGP VERIFIED MESSAGE ***

Has anyone any experience in combining firewalls with IDS? Several
commercial Intrusion Detection systems can generate new firewall rules
on the fly to block the possible intrusion. Has anyone used this and
has had good or bad experience with it?

As well, are there any systems to combine the firewall logging with
IDS logging to generate more complete summaries of an attack? Since a
firewall may block part of the intruder's attack but not block the part
that the IDS sees, we need both sets of logs to analyse the nature of
the attack.

Bill Royds
Internet Security Manager
Department of Canadian Heritage
15-5-F, 15 Eddy St.
Hull QC

phone: (819) 994-0507
email: postmasterpch.gc.ca

*** END PGP VERIFIED MESSAGE ***

-----BEGIN PGP SIGNATURE-----
Version: PGPfreeware 6.5.1 for non-commercial use <http://www.pgp.com>

iQA/AwUBN9yGbQ2P5cC54v7BEQKIPwCZAVICQpUxwF9TCqvBeeOYtU+xx+EAoOyq
sAhX7Kp32jYj/I9x1ZTeVhIf
=zVf1
-----END PGP SIGNATURE-----
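
Added example, not part of the original posts: guards an IDS-to-firewall integration can apply so that a scan with a forged source address does not turn into a block on a legitimate site, the problem raised in the reply above. The alert fields, the never-block list, the 600-second expiry and all addresses are assumptions constructed for illustration.

```python
import ipaddress
import time

# Constructed values (documentation address ranges), not from the thread.
NEVER_BLOCK = [ipaddress.ip_network(n)
               for n in ("192.0.2.0/28", "198.51.100.53/32")]
BLOCK_TTL = 600  # seconds; blocks expire instead of accumulating


def decide_block(alert, never_block=NEVER_BLOCK):
    """Return (action, reason) for one IDS alert.

    alert is a dict with 'src' (str), 'signature' (str) and
    'handshake_done' (bool): the sensor saw a completed TCP three-way
    handshake from src, which an off-path spoofer cannot normally produce.
    """
    src = ipaddress.ip_address(alert["src"])
    if any(src in net for net in never_block):
        return ("alert_only", "source is on the never-block list")
    if not alert["handshake_done"]:
        # SYN scans, UDP and ICMP probes carry an unverified source address.
        return ("alert_only", "source address not verified by a handshake")
    return ("block", "verified source, rule expires after %d s" % BLOCK_TTL)


class BlockTable:
    """Firewall block list with expiry, so a wrong block heals itself."""

    def __init__(self, ttl=BLOCK_TTL):
        self.ttl = ttl
        self.expires = {}  # source address -> time the block lapses

    def apply(self, alert, now=None):
        now = time.time() if now is None else now
        action, reason = decide_block(alert)
        if action == "block":
            self.expires[alert["src"]] = now + self.ttl
        return action, reason

    def blocked(self, ip, now=None):
        now = time.time() if now is None else now
        return self.expires.get(ip, 0) > now
```

Alerts that are downgraded to `alert_only` are still logged, so the operator keeps the evidence while the firewall rule set stays under human control.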




This archive was generated by hypermail 2.0b3 on Mon Sep 13 1999 - 16:12:07 CDT