Re: is Checkpoint smart defance is enough ?

[routerg <routerg () gmail com>]

It really depends on your corporate security policies.

SmartDefense is an Intrusion Prevention System meaning that it will
actually block/drop the attacks specified rather than just alterting
you like Intrustion Detection Systems.  If you subscribe to their
update service ~$1000 USD/year you can download updates to your
gateways when they come out much like AV vendors do, however updates
do not get downloaded automatically as they are release :/.  You can
also create your own regex rules so if you are getting hit with an
attack not in the CheckPoint signiture list you can create your own
rule.

IIRC, SmartDefense does not do anomoly detection.  So when a new worm
starts propogating you need to find out about it by some other means
(mailing lists, IDS), then either wait for an update from CheckPoint
or create your own rule.

It can be a very good layer of defense, but would still recommend
putting an IDS behind it to see what SmartDense/FW-1 passed through.



On 8/2/05, Juan B <juanbabi () yahoo com> wrote:
> Hi,
>
> I was wondering if I enable smartdafance on a network
> so I can give up all the other IDS's like snort Iss
> etc.
>
> Is smartdefance considered as an IDS at all ?
>
> thanks
>
> Juan
>
>
>
> ____________________________________________________
> Start your day with Yahoo! - make it your home page
> http://www.yahoo.com/r/hs