Firewall Wizards mailing list archives
Management vs. IT staff (was: Re: IPS vs. Firewalls)
From: "Patrick M. Hausen" <hausen () punkt de>
Date: Thu, 2 Feb 2006 18:54:08 +0100
Hi, all! On Thu, Feb 02, 2006 at 07:00:08PM +0300, ArkanoiD wrote:
IPS can be (and are being) successfully evaded by fragmentation attacks. Even worse, signature-based approach is flawed anyways. Internet protocol security relies on managing data flow, not on trying to find "attacks" in it. There is zillion ways to do bad things and no IPS can handle it. (I'd even say that anyone who seriously claim that IPS can replace firewall is stupid moron with lack of understanding even security basics, and if those people are allowed to make technical decisions your company has damn big management problems)
Now, what a clever marketing pull to call these devices "Intrusion Prevention Systems", wasn't it? They prevent intrusions, don't they? No, I'm not blaming any CEO for not knowing better - with the notable exception of the CEOs of companies selling IT security products or services. Even VPs of IT or whatever they may be called need not know much technical detail if the company is big enough to justify several levels of management hierarchy. But I do blame CEOs for making decisions on certain products a "strategic" issue and part of their domain at all! IMHO this is one of the main reasons for many bad products in the field. Remember MS ads: "The network that doesn't need an admin ..." Stuff like that makes me want to bang my head against a wall. I'm not old enough to have real experience here, but my impression is that in-house expertise and knowledgeable employees were valued much higher 20 years ago than they are now. Current management schools seem to focus on "processes" and "standard products" with the explicit goal of making employess replaceable. Once the processes are perfect, you might as well hire monkeys for the job. There seems to be a deep distrust in the people that run the IT departments and their opinions on technical subjects. In jumps salesrep of $VENDOR claiming "Box XY will solve all your problems automatically and think of all the money to save, when you are not dependent on expensive expert workers anymore". IMNSHO specifically investing in human beings instead of products is the only way to save us in the long run. Not only in IT security, but many of the problems we are facing today in Western European societies are (again IMHO) a direct result of preferring automation and fancy technology over people. Politicians and managers alike seem to have a big fear of relying on somebody. Make the streets safer? Don't buy surveillance cameras and face recognition software - hire more intelligent and motivated cops and treat and pay them well enough to stay motivated and not prone to bribing. Problems with public education? Use computers at elementary school? Bull! Hire motivated teachers. 'nuff said. Kind regards, Patrick M. Hausen Leiter Netzwerke und Sicherheit -- punkt.de GmbH Internet - Dienstleistungen - Beratung Vorholzstr. 25 Tel. 0721 9109 -0 Fax: -100 76137 Karlsruhe http://punkt.de _______________________________________________ firewall-wizards mailing list firewall-wizards () honor icsalabs com http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
Current thread:
- IPS vs. Firewalls Phil Albacore (Feb 02)
- Re: IPS vs. Firewalls ArkanoiD (Feb 02)
- Management vs. IT staff (was: Re: IPS vs. Firewalls) Patrick M. Hausen (Feb 02)
- Re: Management vs. IT staff (was: Re: IPS vs. Firewalls) ArkanoiD (Feb 03)
- Re: IPS vs. Firewalls Kevin (Feb 02)
- RE: IPS vs. Firewalls Paul Melson (Feb 07)
- Re: IPS vs. Firewalls Gabriele Buratti (Feb 03)
- Management vs. IT staff (was: Re: IPS vs. Firewalls) Patrick M. Hausen (Feb 02)
- Message not available
- Re: IPS vs. Firewalls Marcus J. Ranum (Feb 02)
- Re: IPS vs. Firewalls (why vs. ?) Gabriele Buratti (Feb 03)
- Re: IPS vs. Firewalls (why vs. ?) Marcus J. Ranum (Feb 07)
- Re: IPS vs. Firewalls (why vs. ?) Dave Piscitello (Feb 07)
- Re: IPS vs. Firewalls (why vs. ?) Gabriele Buratti (Feb 07)
- Re: IPS vs. Firewalls (why vs. ?) Dave Piscitello (Feb 07)
- Re: IPS vs. Firewalls Marcus J. Ranum (Feb 02)
- Re: IPS vs. Firewalls ArkanoiD (Feb 02)