Re: IPS vs. Firewalls

[ArkanoiD <ark () eltex net>]

nuqneH,

IPS can be (and are being) successfully evaded by fragmentation attacks.
Even worse, signature-based approach is flawed anyways. Internet protocol
security relies on managing data flow, not on trying to find "attacks" in it.
There is zillion ways to do bad things and no IPS can handle it.

(I'd even say that anyone who seriously claim that IPS can replace firewall
is stupid moron with lack of understanding even security basics, and if
those people are allowed to make technical decisions your company has damn
big management problems)

On Mon, Dec 26, 2005 at 04:39:51PM +0900, Phil Albacore wrote:
> Long time listener, first time poster...
>  
>
> Some of the managers at my company are pushing to get rid of our firewall in exchange for IPS devices. They've heard 
> that IPS sensors can be used to block traffic, so they've got it in their heads that we don't need a firewall 
> anymore. I'm wondering if anyone on this list can give me a few salient points that can be used to rebuke this 
> ???strategy???. 
>
>  
>
> The one point that springs to mind immediately is that a firewall is (hopefully) a default deny device while an IPS 
> is a default allow device. Putting aside that IPS and firewalls operate at different layers and so block based on 
> different parameters, a default deny device is more likely to block 0 day attacks. Do you all agree with this 
> statement and do you have any others that typical management can understand? 
>
>  
>
>  
>
> Thanks for your help,
>
> Phil A.
>
> ???????????????????????????????????????jY??,???&j)b?  
> b??????_??6?v???z+?',jV???(?m???????????Zn???o?j)fj???b???~*???e??j?l
_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards