[Snort-users] Firewall vs IDS

Simon Gray simong at ...8637...
Tue Apr 29 02:35:04 EDT 2003

Possibly an IDS on either side of your firewall, to compare. You can then check
to see if the firewall is doing what it's supposed to do.

----- Original Message ----- 
From: "Brian M. Diehl" <bdiehl at ...7394...>
To: "Always Bishan" <bishan4u at ...1396...>
Cc: <snort-users at lists.sourceforge.net>
Sent: Monday, April 28, 2003 6:00 PM
Subject: RE: [Snort-users] Firewall vs IDS

I don't have any whitepapers or such.  A firewall will restrict access
to selected ports and selected IP addresses to those ports.  An IDS box
looks at all the traffic coming across the wire and matches it to a sig
base.  Why would you want both?  Well, a perfect example is IIS (Web
server - port 80) and things like CMD access attempts, Code Red, Nimda,
etc.  On your firewall you allow port 80 because you are running a web
server.  But what if someone was trying to hack your web server?  If you
have an IDS box right AFTER your firewall, you now have the chance to
tell that someone was attempting to break into your web server.
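The two points made in this thread (a port-based firewall passes anything addressed to tcp/80, while a signature IDS reads the payload; and a sensor on each side of the firewall lets you diff the alert sets to verify the filter), as an added example that is not part of the original messages and is not Snort code. The packets, addresses, signature names and content patterns below are all constructed for illustration; the matcher is a deliberately simplified stand-in for Snort's `content` keyword, not Snort's engine.

```python
"""Toy model of firewall vs IDS, plus an outside/inside sensor comparison.

A stateless port filter decides on (dst address, dst port) alone and never
looks at payload.  A signature IDS inspects payload against a rule base.
Running the same rule base on both sides of the firewall and diffing the
alerts shows which attacks the firewall dropped and which it let through.
Everything here (traffic, addresses, signatures) is constructed sample data.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    dport: int
    payload: bytes


# Firewall policy from the thread: only HTTP to the web server is permitted.
# (Hypothetical address; assumption for this example.)
ALLOWED = {("10.0.0.80", 80)}


def firewall_permits(pkt: Packet) -> bool:
    """Packet filter: address/port check only; payload is never inspected."""
    return (pkt.dst, pkt.dport) in ALLOWED


# Simplified signature base: (name, dst_port, case-insensitive content match).
# Loosely modeled on Snort's `content` keyword; names and patterns are illustrative,
# chosen to resemble the IIS attacks named in the thread (cmd.exe, Code Red, Nimda).
SIGNATURES = [
    ("WEB-IIS cmd.exe access", 80, b"cmd.exe"),
    ("WEB-IIS .ida ISAPI request (Code Red style)", 80, b".ida?"),
    ("WEB-IIS unicode directory traversal (Nimda style)", 80, b"/..%c0%af../"),
    ("NETBIOS SMB access attempt", 445, b"\xffSMB"),
]


def ids_inspect(pkt: Packet) -> list[str]:
    """Return the names of every signature the packet matches."""
    low = pkt.payload.lower()
    return [name for name, port, content in SIGNATURES
            if pkt.dport == port and content.lower() in low]


def run_sensors(traffic):
    """Pass traffic through an outside sensor, the firewall, then an inside sensor.

    Returns (outside_alerts, inside_alerts, dropped_packets).  Alerts are
    (source address, signature name) pairs so the two sides can be compared.
    """
    outside, inside, dropped = [], [], []
    for pkt in traffic:
        outside.extend((pkt.src, name) for name in ids_inspect(pkt))
        if firewall_permits(pkt):
            inside.extend((pkt.src, name) for name in ids_inspect(pkt))
        else:
            dropped.append(pkt)
    return outside, inside, dropped


def firewall_gaps(outside, inside):
    """Alerts seen only outside are what the firewall blocked; anything that
    also appears inside reached the server and is why the inside IDS matters."""
    return sorted(set(outside) - set(inside))


# Constructed traffic sample (not real captures).
TRAFFIC = [
    Packet("203.0.113.5", "10.0.0.80", 80, b"GET /index.html HTTP/1.0\r\n\r\n"),
    Packet("203.0.113.7", "10.0.0.80", 80,
           b"GET /scripts/..%c0%af../winnt/system32/cmd.exe?/c+dir HTTP/1.0\r\n\r\n"),
    Packet("203.0.113.9", "10.0.0.80", 80, b"GET /default.ida?NNNNNNNN HTTP/1.0\r\n\r\n"),
    Packet("203.0.113.9", "10.0.0.80", 445, b"\x00\x00\x00\x85\xffSMBr"),
]


if __name__ == "__main__":
    out, ins, drop = run_sensors(TRAFFIC)
    print("outside sensor alerts:", out)
    print("inside sensor alerts: ", ins)
    print("blocked by firewall:  ", firewall_gaps(out, ins))
    print("dropped packets:      ", len(drop))
```

The point the output makes is the one Brian describes: every IIS attack on tcp/80 is permitted by the firewall and shows up on the inside sensor, so only the IDS can tell you the web server was probed; the SMB attempt on tcp/445 appears only on the outside sensor, which is the evidence Simon is after that the firewall is actually filtering.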
