Firewall Wizards mailing list archives
RE: IPS (was: Sources for Extranet Designs?)
From: "Don Parker" <dparker () rigelksecurity com>
Date: Thu, 26 Feb 2004 18:00:19 -0500 (EST)
Bleh! That was the normal tripe from Gartner with a poorly researched article. It always does and always will come down to the person using the darn IDS/IPS bleh whatever. If you have an untrained person managing it then expect less than stellar results (read here: a river of false positives). If you have someone administering this unit who has a clue then you will have a properly functioning piece of technology. It amuses me to hear of all these so-called experts purge forth these pithy statements when they themselves are in severe need of a clue bag.

There, I feel much better now.

Cheers!

Don

-------------------------------------------
Don Parker, GCIA
Intrusion Detection Specialist
Rigel Kent Security & Advisory Services Inc
www.rigelksecurity.com
ph :613.249.8340
fax:613.249.8319
--------------------------------------------

On Feb 26, "Marcus J. Ranum" <mjr () ranum com> wrote:

Stiennon,Richard wrote:

Multiple methodologies to determine malicious intent. Usually includes signature, protocol anomaly, behavior and flow capabilities.

And since we've got you here.... Can you explain how these "signatures" and "protocol anomaly" detectors and "behavior and flow capabilities" are going to NOT suffer all the problems with false positives that caused Gartner to announce that IDS was a failure?

From your own definition, it sounds like you at least understand that the functional mechanisms for detecting "malicious intent" are the same in an "IPS" as they are in an IDS. So if you guys at Gartner think IDS sucks because it can't do an accurate enough job of detecting "malicious intent" I'd love to hear how you think it's going to work better in an "IPS" when a false positive results in a dropped connection.

I'm so glad you're monitoring this list - that way we can get the explanation straight from the horse's mouth, as it were...*

mjr.

(* With apologies to my horse P-nut who doesn't read this list. The expression "straight from the horse's mouth" means something entirely different once you've spent some time with equines. You should see what my white straw stetson looked like "straight from the horse's mouth" the time P-nut played 'fetch' and 'tag' with it)

_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards