[Dshield] Question for all

Mrcorp mrcorp at yahoo.com
Tue Feb 3 19:36:24 GMT 2004


Personal Choice...

A) One school of thought is that you know you will be attacked and scanned, so is there a real
need for it outside the firewall?  Who would sit there and sort through all that information, and
what would you look for?  The attacks should have been blocked by the firewall.

B) The second thought is, I would like to know if an attack was successful, therefore, I would
like one inside and one outside.  I will compare the logs and it will let me know.

My thoughts, outside is a waste of time.  It's too much data for me and my staff to sort through.
And using the outside to compare to the inside is not the proper way to test the rule set and
performance of your firewall in the wild.  Plan the tests and perform them yourself.

Keep it inside, where the assets you are protecting reside.

Mrcorp
--- Rick Sroka <Rick.Sroka at ubcd.com> wrote:
> Would you have an IDS on the outside of the firewall or inside after the
> firewall?

