Security Basics mailing list archives
Re: Checkpoint smart defance as IPS
From: John Bond <john.r.bond () gmail com>
Date: Fri, 28 May 2010 09:45:28 +0100
On Thu, May 27, 2010 at 9:50 PM, <mzcohen2682 () aim com> wrote:
> Hi list friends !!! the client has checkpoint smart defense

As you say smart defense, I will assume they are not using R70. IPS (found in R70), which was previously called smartdefense, is a much better

> module installed on his FW but I guess that this module is not enough because 1. one can't write signatures

You can't write signatures yourself; however, Checkpoint do release updates quite regularly.

> 2. the client uses SSL on his web site so the IPS can't see the attack. AM I WRONG??

I would say this is where the lines between IPS and web application firewall tend to get blurred. Personally, I would say that an IPS system does not really need to worry about SSL connections. Let your IPS system focus on layers 2-4. If you are worried about web applications, i.e. SQL injection, XSS etc., then get a web application firewall as well. These are purely focused on the task and are much more configurable than an IPS system that has the ability to inspect SSL traffic.

> I think that the client needs to buy a real IPS

Personally, I am not a big fan of smartdefense. It brings up a lot of false positives and it is difficult to customise and tweak, so more often than not protection is switched off. IPS found in R70 resolves some of these issues.

> which IPS you recommend for doing the task?

mod_security on Apache is a pretty good web application firewall. The company that produces mod_security also makes a hardware appliance called Breach, which seems OK. However, I have not had much experience with other commercial offerings.