Windows to Linux Migration Toolkit

The following Frequently Asked Questions, answered by the authors of this book, are designed to both measure your understanding of the concepts presented in this appendix and to assist you with real-life implementation of these concepts. To have your questions about this appendix answered by the author, browse to www.syngress.com/solutions and click on the Ask the Author form. You will also gain access to thousands of other FAQs at ITFAQnet.com.
1. Why doesn't my firewall serve as an IDS?
2. Can IDSs gather data from anywhere besides sniffing on a network?
3. What can an IDS do for me that my system administrator can't?
4. What can my system administrator do for me that my IDS can't?
5. Will I have to spend time tuning my IDS?
6. Does physical security still matter if I have the best network security in the world?
7. Why should I bother writing my own signatures, when Snort has so many already?

Answers
1. Firewalls are designed primarily to pass, drop, or reject traffic, not to alert on suspicious traffic. IDSs are designed to let you know when suspicious activity is occurring. The two functions are different and conflict in key issues.
2. Yes, some IDSs can also gather data from log parsing, watching system calls, or monitoring a filesystem.
3. Parse a few hundred million packets or log entries (or more) a day in binary. Most administrators get tired after a while.
4. Bring creative thinking and an understanding of...