[unisog] Gartner: IDS a Failure, Firewalls Recommended

Ross, Michael RossMJ at sutterhealth.org
Thu Jun 12 21:56:49 GMT 2003

This article is fundamentally flawed since it refers to firewalls and
IDSs as though they are separate and competing products. One must be
careful not to confuse firewall device with firewall. A firewall should
contain several layers of protection, including but not limited to
packet filters, stateful inspection, content based access controls,
proxies, IDS, sniffers, etc. Vendors will always be marketing the
all-in-one product usually as a "firewall" but most security
professionals would agree that a defense in depth approach is what is
really needed to provide a respectable level of security. It's much
safer to take several industry recognized products and exploit their
strengths to build your firewall. I do not believe that any single
product can satisfy all my needs and I have certainly never found one
that could. By layering your defenses and not standardizing on brand X,
you eliminate the possibility that a vendor-specific vulnerability
compromises your entire security, and you do not have to deal with a single
point of failure. False positives are a given in any kind of automated
detection system. Isn't that why we humans make the money that we do?

Just my .02 cents!

Michael J. Ross
Sr. Network Engineer
California Pacific Medical Center
