[Snort-users] difference between the capability of snort and a dynamic firewall!??!?!!?
mkettler at ...4108...
Wed Aug 14 07:31:03 EDT 2002
Firewalls are intended to block traffic, and log events.
Intrusion detection systems are intended to have an extensive database of
intrusion signatures and log the attempts so you can use them to improve
your firewall rules, and as forensic information when a successful
Intrusion detection systems are *NOT* intended to be a
first-line-of-defense against network intrusion, merely analysis of them. A
carefully planned out firewall ruleset is infinitely better than any dynamic
ruleset that snort can wind up creating via tools like hogwash, but tools
like hogwash make a great second-line for cases where the firewall fails to
prevent an attack.
Picture a firewall as a lock, and snort as an alarm system. If the alarm
goes off you can have it activate locks in the building, and call the
police, but locking your door in the first place is a better idea. The
alarm is there for when the lock fails and is not a first-line of defense.
At 06:31 AM 8/14/2002 -0700, funky wrote:
>What's the fundamental difference between Intrusion
>Detection Systems and a firewall!?!?!?
>- I know that we can log the attempts that match
>with the rules with snort and later if you see an
>attack in log , you can add some rules related to the
>- we can look at the content (we can do that in
>dynamic(proxy) firewalls also!!)
>- We can make a dynamic rule match, what it is
>for?!?!? There aren't any dynamic rules in the standard
>ruleset!?!??! Is it a difference from a standard
>firewall?!?! if, what!??!
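The lock-and-alarm ordering described in the reply, as an added example that is not part of the original post and is not code from Snort or hogwash. A static first-match firewall is evaluated first; a content-signature IDS only ever sees packets the firewall let through, logs alerts, and optionally feeds a drop rule back into the firewall (the hogwash-style "dynamic" response). The packet records, the firewall rules, the signature and its simplified rule syntax are all constructed for illustration and are assumptions, not Snort's real rule format.

```python
"""Lock-and-alarm model: static firewall in front of a signature IDS.

Added example for illustration; not code from the original post, Snort or hogwash.
Packets, rules and signatures below are constructed, and the rule objects are a
simplified stand-in for real firewall/Snort rule syntax.
"""
from dataclasses import dataclass
from typing import List, Optional


@dataclass
class Packet:
    src: str
    dst_port: int
    payload: bytes


@dataclass
class FirewallRule:
    action: str                     # "drop" or "accept"
    src: Optional[str] = None       # None matches any source
    dst_port: Optional[int] = None  # None matches any port

    def matches(self, pkt: Packet) -> bool:
        return self.src in (None, pkt.src) and self.dst_port in (None, pkt.dst_port)


class Firewall:
    """The lock: a static, first-match ruleset with a default-drop policy."""

    def __init__(self, rules: List[FirewallRule]):
        self.rules = list(rules)
        self.log: List[str] = []

    def allow(self, pkt: Packet) -> bool:
        for rule in self.rules:
            if rule.matches(pkt):
                if rule.action == "drop":
                    self.log.append(f"DROP {pkt.src} -> :{pkt.dst_port}")
                    return False
                return True
        self.log.append(f"DROP(default) {pkt.src} -> :{pkt.dst_port}")
        return False


@dataclass
class Signature:
    name: str
    dst_port: int
    content: bytes  # substring that must appear in the payload


class IDS:
    """The alarm: matches content signatures and logs. It does not block by itself."""

    def __init__(self, signatures: List[Signature], firewall: Optional[Firewall] = None):
        self.signatures = list(signatures)
        self.alerts: List[str] = []
        self.firewall = firewall  # set to enable hogwash-style dynamic blocking

    def inspect(self, pkt: Packet) -> List[str]:
        hits = [s.name for s in self.signatures
                if s.dst_port == pkt.dst_port and s.content in pkt.payload]
        for name in hits:
            self.alerts.append(f"ALERT {name} from {pkt.src}")
            if self.firewall is not None:
                # Dynamic response: prepend a drop rule for the offending source.
                # This only protects against LATER packets; the triggering one
                # already passed the firewall, which is why it is a second line.
                self.firewall.rules.insert(0, FirewallRule("drop", src=pkt.src))
        return hits


def run(packets: List[Packet], firewall: Firewall, ids: IDS) -> List[Packet]:
    """Firewall first; the IDS only inspects what the firewall allowed through."""
    delivered = []
    for pkt in packets:
        if not firewall.allow(pkt):
            continue          # blocked at the lock, never reaches the alarm
        ids.inspect(pkt)
        delivered.append(pkt)
    return delivered


def demo():
    """Constructed scenario: one attacker host, one legitimate host (assumed addresses)."""
    fw = Firewall([
        FirewallRule("accept", dst_port=80),
        FirewallRule("accept", src="10.0.0.5", dst_port=22),
    ])
    ids = IDS([Signature("web-cgi phf", 80, b"/cgi-bin/phf")], firewall=fw)
    packets = [
        Packet("192.0.2.7", 23, b""),                               # telnet: firewall drops it
        Packet("192.0.2.7", 80, b"GET /cgi-bin/phf HTTP/1.0\r\n"),  # allowed, alerts, triggers block
        Packet("192.0.2.7", 80, b"GET /index.html HTTP/1.0\r\n"),   # now dropped by dynamic rule
        Packet("10.0.0.5", 80, b"GET / HTTP/1.0\r\n"),              # unaffected legitimate client
    ]
    delivered = run(packets, fw, ids)
    return fw, ids, delivered


if __name__ == "__main__":
    fw, ids, delivered = demo()
    print("\n".join(fw.log + ids.alerts))
    print("delivered:", [(p.src, p.dst_port) for p in delivered])
```

Note that the phf request itself still reaches the server: the dynamic rule only stops the attacker's next packet. That is the practical content of "the alarm is there for when the lock fails"; the port-23 packet never gets inspected at all because the static ruleset dropped it first.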