IDS mailing list archives
RE: IPS Futures
From: "M Shirk" <shirkdog_linux () hotmail com>
Date: Wed, 21 Jul 2004 07:29:26 -0400
Basically I you can run an IPS with snort-inline with iptables.This is great, because I am in control, but what I experienced in the real CLIENT world is a whole different story. Some of the implementations of IDS solutions were terrible. I could not trust the same clients to actually setup the IPS correctly. There is too much of a margin of error.
However, if this is within your own company, it is the way to go. IPS is a better solution than IDS alone. My paranoia is the real world of terrible implementation. Example would be a spoofed router for their internet connection banging the firewall and the IPS shutsdown all trafiic, and the Internet connection the company used to have :-)
I would be interested if anyone is a Managaed Service Securty Provider and has had good luck with installation at remote client sites.
Shirkdog -----Original Message----- From: Joel.Snyder () Opus1 COM [mailto:Joel.Snyder () Opus1 COM] Sent: Monday, July 19, 2004 12:41 PM To: focus-ids () securityfocus com Subject: IPS Futures Importance: LowIn case anyone is interested in more fuel for the IPS fire, here is an article that just came out in Information Security. There are several editing errors
specifically related to product examples, but if you'll ignore those (e.g.,yes, I know that ForeScout is not host-based), the general concepts might be of
interest. ---- _________________________________________________________________FREE pop-up blocking with the new MSN Toolbar get it now! http://toolbar.msn.click-url.com/go/onm00200415ave/direct/01/
-------------------------------------------------------------------------- Test Your IDS Is your IDS deployed correctly? Find out quickly and easily by testing it with real-world attacks from CORE IMPACT. Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708 to learn more. --------------------------------------------------------------------------
Current thread:
- IPS Futures Joel M Snyder (Jul 20)
- <Possible follow-ups>
- RE: IPS Futures M Shirk (Jul 22)
- RE: IPS Futures Rob Shein (Jul 25)
- RE: IPS Futures Ed Donegan (Jul 25)
- Re: IPS Futures nick black (Jul 26)