RE: IPS Futures

["M Shirk" <shirkdog_linux () hotmail com>]

Basically I you can run an IPS with snort-inline with iptables.

This is great, because I am in control, but what I experienced in the real 
CLIENT world is a whole different story. Some of the implementations of IDS 
solutions were terrible. I could not trust the same clients to actually 
setup the IPS correctly. There is too much of a margin of error.

However, if this is within your own company, it is the way to go. IPS is a 
better solution than IDS alone. My paranoia is the real world of terrible 
implementation. Example would be a spoofed router for their internet 
connection banging the firewall and the IPS shutsdown all trafiic, and the 
Internet connection the company used to have :-)

I would be interested if anyone is a Managaed Service Securty Provider and 
has had good luck with installation at remote client sites.

Shirkdog


-----Original Message-----
From: Joel.Snyder () Opus1 COM [mailto:Joel.Snyder () Opus1 COM]
Sent: Monday, July 19, 2004 12:41 PM
To: focus-ids () securityfocus com
Subject: IPS Futures
Importance: Low


In case anyone is interested in more fuel for the IPS fire, here is an 
article
that just came out in Information Security.  There are several editing 
errors
specifically related to product examples, but if you'll ignore those (e.g.,
yes, I know that ForeScout is not host-based), the general concepts might be 
of
interest.

----

_________________________________________________________________
FREE pop-up blocking with the new MSN Toolbar – get it now! 
http://toolbar.msn.click-url.com/go/onm00200415ave/direct/01/


--------------------------------------------------------------------------
Test Your IDS

Is your IDS deployed correctly?
Find out quickly and easily by testing it with real-world attacks from CORE
IMPACT.
Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708 to learn more.
--------------------------------------------------------------------------