Pantek Library

Re: IDS is dead, etc

From: Bennett Todd <bet(at)rahul.net>
Date: Fri Aug 08 2003 - 11:13:27 EDT

2003-08-07T16:49:10 Barry Fitzgerald:
> Oh yes, and someone (perhaps tongue-in-cheek) mentioned that a properly configured firewall removes the need for an NIDS.

Perhaps you're referring to my comment:

	2003-08-06T14:57:53 Bennett Todd:

> 2003-08-06T07:39:28 Paul Schmehl:

> I have to chime in and say that I couldn't possibly disagree more.

Understandable. I really shouldn't have included that remark; or else I should have expanded on it. I didn't say "properly configured firewall", I said "really perfectly implemented firewall", and I meant something different by that, although I neglected to explain.

A perfectly implemented firewall allows no protocols through for which there are vulnerable implementations inside. That means it's impossible to implement a perfect firewall if you're going to allow Windows users to have internet access. You can come moderately close, with a hideous amount of work, but you'll still be very exposed, and an IDS will be critical reinforcement of your flawed security.

But given suitable systems configuration, it is possible to have a perfect firewall, and if you do then an IDS is just an educational tool, and would probably be most useful in concert with a honeypot.

-Bennett

  • application/pgp-signature attachment: stored
Received on Fri Aug 8 12:04:47 2003

This archive was generated by hypermail 2.1.8 : Wed Aug 23 2006 - 14:01:16 EDT

