Firewall Wizards mailing list archives

RE: IPS (was: Sources for Extranet Designs?)


From: Chris Blask <blask () protegonetworks com>
Date: Fri, 27 Feb 2004 14:14:16 -0800

At 09:27 AM 2/27/2004 +0100, Ben Nagy wrote:
> From: Marcus J. Ranum [mailto:mjr () ranum com]
> Sent: Thursday, February 26, 2004 11:00 PM
> Stiennon,Richard wrote:
> >Network IPS:
> >An inline device that assembles packets into streams or
> >sessions and parses them.

> So far, that's a "firewall" - the first firewalls did all
> that inherently since they were proxies.
> Intrusion Prevention
> CAN'T be something as simple and stupid and ancient as a
> firewall that detects and closes sessions based on
> application layer attack detection. That's not sexy, is it?
> Sounds pretty sexy to me - I'd buy one that worked, as long as it could also
> deal with the problem network wide. :)

Network wide is the entire issue.

A single piece of network gear is a dot. The interesting bits of "preventing intrusions" have a lot more to do with all the lines and dots that make up the network and what they're up to than just a handful of the dots.

Smart firewalls are all well and good, but there are already connectivity dots (FWs, routers and switches) out there. Just take the right view of the info already coming out of the network and use the boxes that are there to do what they do - deal with traffic issues. Maybe two years from now some of the current IPS-box makers will still be making neat dots - some are kinda cool now - we'll find out in time.
:-)
> >Some of the network IPS vendors are profiting from the need
> >to throttle undesirable traffic (file sharing) at universities.

> Anyone on the list care to corroborate this?

I have seen a university using an IPS box, but I wouldn't speak on their behalf about how much of a driver P2P was.

A network IPS box could snuff P2P stuff at the network edge if you cover all the connections. That would limit the P2P to only between students on the network - good thing college students don't have a lot of files to trade on their laptops... :-)

> Uh, why wouldn't they use traffic shaping, which is mature and cheaper? Is a
> standard Cisco router an inline IPS now? Cool!

There's that existing infrastructure, again...

Yes. It can be. There's nothing particularly special about the way any box stops packets, you just have to know how to flip the switches.

-chris


_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards

