Re: Checkpoint IPS

["Roland Dobbins" <rdobbins () arbor net>]

On 5 Feb 2015, at 19:57, Terry Baranski wrote:

> I hate to be the bearer of bad news, but everything we do is 
> "artificial". There are no routers in nature, no IP packets, no fiber 
> optics. There is no such thing as "natural engineering" -- engineering 
> is "artificial" by definition.

This isn't even worthy of comment, so I won't.

> But there's no overstating the usefulness of a properly-tuned IPS for 
> attack prevention

I've never heard a plausible anecdote, much less seen meaningful 
statistics, of these devices actually 'preventing' anything.

I have, however, run into many, many situations in which these devices 
demonstrably degraded the security posture of network operators, 
particularly when placed in front of servers or broadband access 
networks.  For example, they're laughably easy to DDoS due to state 
exhaustion - which is what is the main point of the presentation you 
reference.

And the fact that well-known evasion techniques still work against these 
devices today, coupled with the undeniable proliferation of compromised 
hosts residing within networks supposedly 'protected' by these devices, 
militates against your proposition.

-----------------------------------
Roland Dobbins <rdobbins () arbor net>