Re: IPS vs Firewall

["Cutequyz" <sonicely () cbn net id>]

nop. you wouldn't get a good report for ips. anyway, it gonna to be single
device of failure and the firewall fail, the whole network become shutdown.
if this is the case, why you spend your money to it? another thing, the
interface should be invisible (can't be ping adn detected by port/ip
scanner, even from your inside)

take a look at scmagazine.com and see what expert see in a good ips.

----- Original Message ----- 
From: "Manoj Kumar Neelapareddy" <manojkreddyutl () yahoo com>
To: <security-basics () securityfocus com>
Sent: Monday, May 03, 2004 4:06 PM
Subject: RE: IPS vs Firewall


> I would suggest you to use an all in one box which has
> FW, IPS built into it. best example of such a solution
> is iPolicy Network's ipEnforcer 3100/3400. it has FW,
> IDS, IPS, URL screener, NAT built into one box.
> iPolicy networks can be reached at www.ipolicynet.com
>
> thank u
> manoj
>
> --- sonicely () cbn net id wrote:
> > I think it's the best way to put an IPS on the WAN
> > and the LAN at the same
> > time. NAI IPS Intruvert can do multi-rules on
> > different VLAN or even the
> > port. The reason that you need to put that in both
> > side, is to figure out
> > whether an intrusion has been successfully go in to
> > the servers inside you
> > LAN/DMZ. An if somebody from the inside want to play
> > around with your DMZ,
> > you will know it where it came from. If you put the
> > IPS outside of the
> > Firewall, sometimes you got an attack that already
> > NAT-ed and you can't
> > know in 1 seconds who is he really.
> >
> > Please correct me if I'm wrong.
> >
> > rgds,
> >
> >
> > > If you put the IPS outside of the firewall then be
> > prepared for some
> > > massive amounts of logs! I currently have a
> > similar setup and just the raw
> > > number of people setting out there running nessus
> > and other tools quickly
> > > filled my logs up. I have since tuned the box and
> > now recieve a decent
> > > amount of logs but i am wondering if it still
> > doing me any good in a
> > > highly tuned state? my original idea was to put it
> > outside the firewall so
> > > i could see everything that is hitting the
> > firewall, but this just isnt
> > > possible in my setup.
> > >
> > > -----Original Message-----
> > > From: Benny Late [mailto:lvmygop () hotmail com]
> > > Sent: Tuesday, April 27, 2004 3:16 PM
> > > To: security-basics () securityfocus com
> > > Subject: IPS vs Firewall
> > >
> > >
> > > List,
> > >
> > > I am to give a presentation concerning IPS vs. IDS
> > and why we have decided
> > > to implement an IPS solution.  I have stuff about
> > each of those, but my
> > > big
> > > problem is going to come from my LAN/WAN group.
> > Because I've decided to
> > > place the IPS outside the firewall, they have
> > already moaned about it and
> > > I
> > > know they're going to bring up why we need IPS vs.
> > Firewall.  I have stuff
> > > about what firewalls don't look for or do compared
> > to IPS.
> > > My question is, how would you go about showing
> > that firewalls or BigIP
> > > routers can be attacked directly?  For those of
> > you concidering IPS, can
> > > you
> > > impart any of the knowledge gained by implementing
> > your solutions?
> > > Many thanks,
> > > Benny
> _________________________________________________________________
> > > From must-see cities to the best beaches, plan a
> > getaway with the Spring
> > > Travel Guide!
> > http://special.msn.com/local/springtravel.armx
> > >
> --------------------------------------------------------------------------
-
> > > Ethical Hacking at the InfoSec Institute. Mention
> > this ad and get $545 off
> > > any course! All of our class sizes are guaranteed
> > to be 10 students or
> > > less
> > > to facilitate one-on-one interaction with one of
> > our expert instructors.
> > > Attend a course taught by an expert instructor
> > with years of in-the-field
> > > pen testing experience in our state of the art
> > hacking lab. Master the
> > > skills
> > > of an Ethical Hacker to better assess the security
> > of your organization.
> > > Visit us at:
> http://www.infosecinstitute.com/courses/ethical_hacking_training.html
> > >
> --------------------------------------------------------------------------
--
> > >
> --------------------------------------------------------------------------
-
> > > Ethical Hacking at the InfoSec Institute. Mention
> > this ad and get $545 off
> > > any course! All of our class sizes are guaranteed
> > to be 10 students or
> > > less
> > > to facilitate one-on-one interaction with one of
> > our expert instructors.
> > > Attend a course taught by an expert instructor
> > with years of in-the-field
> > > pen testing experience in our state of the art
> > hacking lab. Master the
> > > skills
> > > of an Ethical Hacker to better assess the security
> > of your organization.
> > > Visit us at:
> http://www.infosecinstitute.com/courses/ethical_hacking_training.html
> > >
> --------------------------------------------------------------------------
--
> > >
> --------------------------------------------------------------------------
-
> > Ethical Hacking at the InfoSec Institute. Mention
> > this ad and get $545 off
> > any course! All of our class sizes are guaranteed to
> > be 10 students or less
> > to facilitate one-on-one interaction with one of our
> > expert instructors.
> > Attend a course taught by an expert instructor with
> > years of in-the-field
> > pen testing experience in our state of the art
> > hacking lab. Master the skills
> > of an Ethical Hacker to better assess the security
> > of your organization.
> > Visit us at:
> http://www.infosecinstitute.com/courses/ethical_hacking_training.html
> >
> --------------------------------------------------------------------------
--
> >
>
>
>
>
>
> __________________________________
> Do you Yahoo!?
> Win a $20,000 Career Makeover at Yahoo! HotJobs
> http://hotjobs.sweepstakes.yahoo.com/careermakeover
>
> --------------------------------------------------------------------------
-
> Ethical Hacking at the InfoSec Institute. Mention this ad and get $545 off
> any course! All of our class sizes are guaranteed to be 10 students or
less
> to facilitate one-on-one interaction with one of our expert instructors.
> Attend a course taught by an expert instructor with years of in-the-field
> pen testing experience in our state of the art hacking lab. Master the
skills
> of an Ethical Hacker to better assess the security of your organization.
> Visit us at:
> http://www.infosecinstitute.com/courses/ethical_hacking_training.html
> --------------------------------------------------------------------------
--
>



---------------------------------------------------------------------------
Ethical Hacking at the InfoSec Institute. Mention this ad and get $545 off 
any course! All of our class sizes are guaranteed to be 10 students or less 
to facilitate one-on-one interaction with one of our expert instructors. 
Attend a course taught by an expert instructor with years of in-the-field 
pen testing experience in our state of the art hacking lab. Master the skills 
of an Ethical Hacker to better assess the security of your organization. 
Visit us at: 
http://www.infosecinstitute.com/courses/ethical_hacking_training.html
----------------------------------------------------------------------------