Security Basics mailing list archives
RE: Checkpoint smart defance as IPS
From: "Erik Ilves" <green.boy () mail ee>
Date: Fri, 28 May 2010 08:01:57 +0300
Hey,

I'm not 100% sure, but I don't think any IPS provider can look into SSL traffic itself. Most of the IPS that I know can look at the key negotiations taking place between the client and the server, but not the traffic itself. If he really wanted to look into what is happening inside SSL, then I suggest buying an F5 or a similar load balancer device that terminates the SSL in itself; the traffic to the backend would not be encrypted anymore and the IPS can look at that traffic.

As for the best IPS, read the Q4 NSS Labs test. You have to register @ http://www.nsslab.com/ to get the document, but basically the best IPS vendors at the moment are Sourcefire, McAfee and IBM. I have tested Sourcefire and McAfee and found the McAfee GUI a bit illogical. The Sourcefire one looked logical, the functionality was more than satisfactory and the upgrades are smooth, so my company went with them (support for Sourcefire boxes is incredible! I think they honestly have the best support for any appliance out there). I have not tested IBM, but NSS recommends it, so I think there are a lot of good features in the IBM boxes as well. So recommend one of these three to your customer.

As for SmartDefense as IPS. Sorry, but that is a laugh! Checkpoint's SmartDefense "IPS" causes more trouble than good: more false positives/negatives and random drops than any other system out there, and it is deprecated. The new IPS that Checkpoint provides with R70.x is better, but it is nowhere near what a dedicated IPS provider like SF/McAfee/IBM gives to the administrator. Checkpoint does firewalls, and great ones at that, but IPS is not their thing or league.

Br,
Erik

-----Original Message-----
From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On Behalf Of mzcohen2682 () aim com
Sent: Thursday, May 27, 2010 11:50 PM
To: security-basics () securityfocus com
Subject: Checkpoint smart defance as IPS

Hi list friends !!!

I did a pentest for a client's web site and found many holes, most of them because of SQL injection, which can be fixed with a good practice of input validation. I also recommended installing an IPS. The client has the Checkpoint smart defance module installed on his FW, but I guess that this module is not enough because
1. one can't write signatures
2. the client uses SSL on his web site, so the IPS can't see the attack.
AM I WRONG?? I think that the client needs to buy a real IPS which can also open the encrypted traffic. Which IPS do you recommend for doing the task?

thanks a lot,
Marco

------------------------------------------------------------------------
Securing Apache Web Server with thawte Digital Certificate
In this guide we examine the importance of Apache-SSL and who needs an SSL certificate. We look at how SSL works, how it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates.
http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1
------------------------------------------------------------------------
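The SQL injection class Marco reports, shown as an added example that is not part of the thread: the same login check written in the vulnerable string-spliced form and in the parameterized form that removes the hole regardless of what an IPS in front of the site can or cannot see. Table, column names, credentials and payloads are constructed for illustration and assumed, not taken from the client's site; the database is an in-memory SQLite instance.

```python
"""Added example (not from the list thread): a vulnerable login query beside
its parameterized fix, run against constructed sample data in SQLite."""
import re
import sqlite3


def make_db() -> sqlite3.Connection:
    # Constructed sample rows; names and passwords are assumptions.
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?)",
        [("alice", "correct horse"), ("bob", "hunter2")],
    )
    conn.commit()
    return conn


def login_vulnerable(conn: sqlite3.Connection, username: str, password: str) -> bool:
    # Untrusted input is spliced into the SQL text, so the attacker controls
    # the query's structure (quotes, OR, comment markers), not just its data.
    sql = (
        "SELECT COUNT(*) FROM users WHERE username = '%s' AND password = '%s'"
        % (username, password)
    )
    return conn.execute(sql).fetchone()[0] > 0


def login_parameterized(conn: sqlite3.Connection, username: str, password: str) -> bool:
    # Placeholders keep the SQL text fixed; the values are bound separately
    # and are treated as data whatever characters they contain.
    sql = "SELECT COUNT(*) FROM users WHERE username = ? AND password = ?"
    return conn.execute(sql, (username, password)).fetchone()[0] > 0


def valid_username(username: str) -> bool:
    # Allow-list validation as defence in depth (an assumed policy):
    # it narrows the attack surface but is not a substitute for binding.
    return re.fullmatch(r"[A-Za-z0-9_.-]{1,32}", username) is not None


def demo() -> dict:
    conn = make_db()
    # Constructed payloads: one turns the password clause into a tautology,
    # the other comments the password check out entirely (-- ends the line).
    tautology = "' OR '1'='1"
    comment_out = "' OR 1=1 --"
    return {
        "vuln_wrong_password": login_vulnerable(conn, "alice", "wrong"),
        "vuln_tautology": login_vulnerable(conn, "alice", tautology),
        "vuln_comment_out": login_vulnerable(conn, comment_out, "anything"),
        "param_wrong_password": login_parameterized(conn, "alice", "wrong"),
        "param_tautology": login_parameterized(conn, "alice", tautology),
        "param_comment_out": login_parameterized(conn, comment_out, "anything"),
        "param_good_password": login_parameterized(conn, "alice", "correct horse"),
        "validation_rejects_payload": not valid_username(comment_out),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```

The vulnerable function accepts both payloads because the input rewrites the WHERE clause; the parameterized function rejects them because the bound value is compared as a literal string. The allow-list check is the "input validation" Marco mentions; it is worth keeping, but the fix that actually closes the finding is the parameterized query.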
Current thread:
- Checkpoint smart defance as IPS mzcohen2682 (May 27)
- Re: Checkpoint smart defance as IPS Francois Yang (May 28)
- RE: Checkpoint smart defance as IPS Erik Ilves (May 28)
- RE: Checkpoint smart defance as IPS Boyd, Chad (May 28)
- Re: Checkpoint smart defance as IPS mzcohen2682 (May 28)
- Message not available
- Re: Checkpoint smart defance as IPS mzcohen2682 (May 28)
- Re: Checkpoint smart defance as IPS John Bond (May 28)
- Message not available
- Re: Checkpoint smart defance as IPS mzcohen2682 (May 28)
- Message not available
- Re: Checkpoint smart defance as IPS mzcohen2682 (May 28)
- Re: Checkpoint smart defance as IPS Laurens Vets (May 28)
- Re: Checkpoint smart defance as IPS mzcohen2682 (May 28)
- Re: Checkpoint smart defance as IPS Laurens Vets (May 28)
- Re: Checkpoint smart defance as IPS Trevor Alexander (May 28)
- Re: Checkpoint smart defance as IPS mzcohen2682 (May 28)