Message-ID: <059301c0bfaf$85d86fb0$0101a8c0@development.local>
From: "John Howie"
To: "Crist Clark", "Jacques A. Vidrine"
References: <200104071610.RAA18117@mailgate.kechara.net> <3ACF83FA.55761A7B@globalstar.com> <20010407162552.D87286@hamlet.nectar.com> <3ACF8B1D.21272C1C@globalstar.com>
Subject: Re: Theory Question
Date: Sat, 7 Apr 2001 15:10:13 -0700
Sender: owner-freebsd-security@FreeBSD.ORG

----- Original Message -----
From: "Crist Clark"
To: "Jacques A. Vidrine"
Sent: Saturday, April 07, 2001 2:48 PM
Subject: Re: Theory Question

[stuff edited out...]

> Going back to the original problem, IMHO, if you want to have data
> connectivity with the IDS, a fairly secure way to go is to have one
> or more serial connections to the IDS from the inside.
>
>          }                      {
> Internet }----+---[Firewall]----{ Protected network
>          }    |                 {       |
>             [IDS]..................[IDS Mngmnt]
>                   (serial line(s))
>
> For example, you could have one console connection and one data connection
> passing the logging info. The possibility of an attacker gaining further
> access into your network if the IDS is compromised is small (but as always,
> non-zero), and you have all of the access you need to the system. The one
> caveat being the data rate limitation on a serial line. (And serial lines
> are even worse when it comes to TEMPEST, but not too many people need
> concern themselves with that.)

Just don't run PPP or SLIP over the serial line (don't laugh, I've seen just
this setup and yes, it was compromised).

john...