Great Circle Associates Firewalls
(December 1997)

Indexed By Date: [Previous] [Next] Indexed By Thread: [Previous] [Next]

Subject: RE: Intrusion Detection
From: Nguyen Hoang Tien <u3914995 @ au . ac . th>
Date: Mon, 8 Dec 1997 09:57:08 +0700 (TST)
To: Bob Fish <bfish @ best . com>
Cc: "firewalls @ GreatCircle . COM" <firewalls @ GreatCircle . COM>
In-reply-to: <01BD0339 . 1CAF1F60 @ bfish . vip . best . com>

This is last time i warned all of you don't drop mail to my mail box.
I have never subscribed into you  list why you guy throw you shit up to
here all the time?




On Sun, 7 Dec 1997, Bob Fish wrote:

> Yes, automated network intrusion detection is a growing field. There are several excellent intrusion detection systems available today, not just traffic monitoring devices.  Network General (the inventor of the Sniffer, now known as Networks Associates after its recent merger with MacAfee) sells a product called CyberCop. StorageTek sells a combination packet filter & intrusion detection system under the name of NetSentry (this combines their BorderGuard security device with the NetRanger IDS).  The WheelGroup NetRanger itself is capable of automatically setting filters on the BorderGuard devices as well as Cisco routers, based on where (in the enterprise network) they are located and a company's real-time policy enforcement needs.  NetSolve (ProWatch Secure) and IBM (Emergency Response Service) both offer intrusion detection monitoring and response services as well...
> These systems (and services)  are capable of centralized configuration management, alarm reporting, and attack info logging from many remote IDS sensors.  ID systems are intended to be used in conjunction with firewalls and other filtering devices, not as the standalone 'silver bullet' for internet and intranet security.
> Bob Fish
> WheelGroup Corp
> ----------
> From: 	Ted Doty
> Sent: 	Wednesday, December 03, 1997 6:16 AM
> To: 	firewalls @
 GreatCircle .
> Subject: 	Re: Seesion Wall-3
> On Tue, 2 Dec 1997 12:38:54 -0500, List_Mail @
 vsebav .
 com (List_Mail) posted:
>      In Windows NT Magazine, October 1997 issue page 85, there is an 
>      article on Session Wall-3, a firewall that you can place inside the 
>      internal network.  It's both a network monitor and a firewall.  Does 
>      anyone has any experience with this product ?
> There is a lot of activity on Intrusion Detection right now, especially the
> combination of IDS with traditional firewalls.   The idea is that when the
> IDS system detects inappropriate activity, it communicates with the
> firewall (for example, via Checkpoint's Opsec), to add a blocking rule.
> Intrusion Detection systems are passive, so they are a pretty good fit for
> an internal network,  where communications needs to be open.  An
> organization could deploy internal firewalls that block nothing at all,
> except for the sessions of malicious users (as reported by an IDS).
> Separating the functionality into "detect" vs. "respond" is likely to allow
> the performance of the security system to match the data rates of the
> internal LANs.
> There are a number of IDS systems out (including our RealSecure), but I
> don't know how many of them work with how many firewall systems.
> Any comments should be sent to me, as I don't normally follow the list.
> - Ted
> --------------------------------------------------------------
> Ted Doty, Internet Security Systems | Phone: +1 770 395 0150

Indexed By Date Previous: RE: Intrusion Detection
From: Bob Fish <bfish @ best . com>
Next: Re: NT as a central intranet firewall [-Drant]
From: "Craig I. Hagan" <hagan @ cih . com>
Indexed By Thread Previous: RE: Intrusion Detection
From: Bob Fish <bfish @ best . com>
Next: FW: Through Checkpoint-1 firewalls Ftp can't access NT virtual's IP
From: Robert Ståhlbrand <robert . stahlbrand @ nmac . ericsson . se>

Search Internet Search