Date: Sat, 7 Apr 2001 15:10:13 -0700
From: "John Howie" <JHowie@msn.com>
To: "Crist Clark" <crist.clark@globalstar.com>, "Jacques A. Vidrine" <n@nectar.com>, <lee@kechara.net>, <freebsd-security@freebsd.org>
Subject: Re: Theory Question
Message-ID: <059301c0bfaf$85d86fb0$0101a8c0@development.local>
References: <200104071610.RAA18117@mailgate.kechara.net> <3ACF83FA.55761A7B@globalstar.com> <20010407162552.D87286@hamlet.nectar.com> <3ACF8B1D.21272C1C@globalstar.com>
----- Original Message -----
From: "Crist Clark" <crist.clark@globalstar.com>
To: "Jacques A. Vidrine" <n@nectar.com>
Cc: <lee@kechara.net>; <freebsd-security@FreeBSD.ORG>
Sent: Saturday, April 07, 2001 2:48 PM
Subject: Re: Theory Question

[stuff edited out...]

> Going back to the original problem, IMHO, if you want to have data
> connectivity with the IDS, a fairly secure way to go is to have one
> or more serial connections to the IDS from the inside.
>
>               }                      {
>      Internet }----+---[Firewall]----{ Protected network
>               }    |                 {      |
>                  [IDS]..................[IDS Mngmnt]
>                      (serial line(s))
>
> For example, you could have one console connection and one data connection
> passing the logging info. The possibility of an attacker gaining further
> access into your network if the IDS is compromised is small (but as always,
> non-zero), and you have all of the access you need to the system. The one
> caveat being the data rate limitation on a serial line. (And serial lines
> are even worse when it comes to TEMPEST, but not too many people need
> concern themselves with that.)

Just don't run PPP or SLIP over the serial line (don't laugh, I've seen just
this setup and yes, it was compromised).

john...
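The following is an added example, written for this page and not code from either poster, of what the "data connection passing the logging info" over the serial line can look like on the management side. It treats the line as a dumb byte pipe carrying newline-delimited log records: nothing is spoken back to the sensor and no PPP/SLIP or other IP framing is involved. Records are accepted only if they are printable ASCII and under a length cap, so a compromised sensor can at most push text records, not control characters or terminal escape sequences, towards the management host. The record format, the 8N1 framing assumption in the throughput helper, the 9600 bps line speed, the use of an in-memory `io.BytesIO` in place of a real serial device (pyserial is not in the standard library), and all sample log lines are assumptions or constructed for the example.

```python
"""Receiver side of a one-way, line-oriented IDS log feed over a serial link.

Added example for the FreeBSD-security thread above; the sensor output format,
the line speed and the sample records are constructed, not from any real IDS.
"""
import io
import re
from typing import BinaryIO, Iterator, List, Tuple

MAX_LINE = 1024                           # longest record accepted (assumption)
ALLOWED = re.compile(rb"^[\x20-\x7e]+$")  # printable ASCII only: no ESC, no NUL, no 8-bit junk
LINE_BAUD = 9600                          # assumed serial line speed


def read_records(stream: BinaryIO) -> Iterator[Tuple[str, bytes]]:
    """Yield ("ok", line) for well-formed records and ("dropped", line) otherwise.

    The stream is read in chunks as raw bytes; the management side never
    interprets anything beyond splitting on newlines and validating content.
    """
    buf = b""
    while True:
        chunk = stream.read(256)
        if not chunk:
            break
        buf += chunk
        while b"\n" in buf:
            line, buf = buf.split(b"\n", 1)
            line = line.rstrip(b"\r")
            if not line:
                continue
            # Length check first so an overlong record cannot cost a regex scan.
            if len(line) > MAX_LINE or not ALLOWED.match(line):
                yield ("dropped", line)
            else:
                yield ("ok", line)
    if buf:
        # A trailing fragment with no terminating newline: drop it rather than guess.
        yield ("dropped", buf)


def collect(stream: BinaryIO) -> Tuple[List[bytes], List[bytes]]:
    """Split a feed into accepted and rejected records."""
    ok: List[bytes] = []
    dropped: List[bytes] = []
    for status, line in read_records(stream):
        (ok if status == "ok" else dropped).append(line)
    return ok, dropped


def transfer_seconds(n_bytes: int, baud: int = LINE_BAUD, bits_per_byte: int = 10) -> float:
    """Time to push n_bytes over the line; 8N1 framing = 8 data + start + stop bits.

    This is the 'data rate limitation' caveat from the thread, made concrete.
    """
    return n_bytes * bits_per_byte / baud


# Constructed sample feed: two plausible alert lines, then the kinds of input a
# hostile or faulty sensor might emit on the line. Addresses are made up.
SAMPLE_FEED = (
    b"04/07-15:10:13.000000 [**] CONSTRUCTED alert: port scan from 10.0.0.9 [**]\n"
    b"04/07-15:10:14.000000 [**] CONSTRUCTED alert: port scan from 10.0.0.9 [**]\r\n"
    b"\x1b[2J\x1b[H looks like a clear-screen escape\n"   # terminal control: rejected
    + b"A" * 2000 + b"\n"                                  # overlong record: rejected
    + b"\xff\xfe\x00 line noise\n"                         # binary junk: rejected
    + b"04/07-15:10:15.000000 truncated rec"               # no newline yet: rejected
)


def run_sample() -> Tuple[List[bytes], List[bytes]]:
    """Run the receiver over the constructed feed (used by the demo and tests)."""
    return collect(io.BytesIO(SAMPLE_FEED))


if __name__ == "__main__":
    accepted, rejected = run_sample()
    for rec in accepted:
        print("LOG ", rec.decode("ascii"))
    for rec in rejected:
        print("DROP", repr(rec[:40]))
    # A day of 50 MB of alerts would not fit through a 9600 bps line.
    print("50 MB at %d bps takes %.0f hours" % (LINE_BAUD, transfer_seconds(50_000_000) / 3600))
```

The printable-ASCII filter is the key design choice: if the accepted records are ever echoed to a console or terminal on the management host, a sensor that has been taken over cannot smuggle escape sequences into that terminal, and nothing on this side ever parses or executes what the sensor sends. The throughput helper shows why Crist Clark's data-rate caveat matters before choosing this design for a busy sensor.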