Full Disclosure mailing list archives
Re: Why the IPS product designers concentrate on server side protection? why they are missing client protection
From: Nelson Brito <nbrito () sekure org>
Date: Tue, 1 Jun 2010 10:23:31 -0300
Comments are inline! Nelson Brito Security Researcher http://fnstenv.blogspot.com/ Please, help me to develop the ENG® SQL Fingerprint™ downloading it from Google Code (http://code.google.com/p/mssqlfp/) or from Sourceforge (https://sourceforge.net/projects/mssqlfp/). Sent on an iPhone wireless device. Please, forgive any potential misspellings! On Jun 1, 2010, at 9:52 AM, "Cor Rosielle" <cor () outpost24 com> wrote:
Nelson,You're missing one point: Host IPS MUST be deployed with any Network Security (Firewalls os NIPSs).Please be aware this is a risk decision and not a fact. I don't use an host IPS and no anti Virus either. Still I'm sure my laptop is perfectly safe. This is because I do critical thinking about security measures and don't copy behavior of others (who often don't think for themselves and just copies other peoples behavior). Please note I'm not saying you're not thinking. If you did some critical thinking and an host IPS is a good solution for you, then that's OK> It just doesn't mean it is a good solution for everybody else and everybody MUST deploy an host IPS.
That's so 1990! NIPS and/or Firewall just protect you if you're inside the "borders"... But, come on. Who doesn't have a laptop nowadays? So, multiple protection layers is better than none, anyways. You have choices when adopting a security posture or, if you prefer, risk posture. I believe that it's quite difficult and almost impossible you stay updated with all the threads, due to exponential growth of them.
No security solution/technology is the miracle protection alone,That's true.so that's the reason everybody is talking about defense in depth.Defense in depth is often used for another line of a similar defense mechanism as the previous already was. Different layers of defense works best if the defense mechanism differ. So if you're using anti virus software (which gives you an authentication control and an alarm control according to the OSSTMM), then an host IDS is not the best additional security measure (because this also gives you an authentication and an alarm control).
Woowoo.. I cannot agree with you, because AV has nothing to do protecting end-point against network attacks. AV will alert and protect only when the thread already reached your end-point. Besides, there are other layers, such as: buffer overflow protection inside HIPS. Look that I am not talking abous IDS. 8)
This would also be a risk decision, but based on facts and the rules defined in the OSSTMM and not based on some marketing material. You should give it a try.
It always is a risk decision, and I not basing MHO on any "standard", that's based on my background... And, AFAIK, nodoby can expect that users and/or server systems will be able to apply all or any update in a huge environment.
Regards, Cor Rosielle w: www.lab106.com
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- Why the IPS product designers concentrate on server side protection? why they are missing client protection rajendra prasad (Jun 01)
- Re: Why the IPS product designers concentrate on server side protection? why they are missing client protection Nelson Brito (Jun 01)
- Re: Why the IPS product designers concentrate on server side protection? why they are missing client protection Valdis . Kletnieks (Jun 01)
- Re: Why the IPS product designers concentrate on server side protection? why they are missing client protection rajendra prasad (Jun 01)
- <Possible follow-ups>
- Re: Why the IPS product designers concentrate on server side protection? why they are missing client protection Nelson Brito (Jun 01)
- Re: Why the IPS product designers concentrate on server side protection? why they are missing client protection Nelson Brito (Jun 01)
- Re: Why the IPS product designers concentrate on server side protection? why they are missing client protection rajendra prasad (Jun 02)