IDS mailing list archives
RE: NIPS Vendors explicit answer
From: "Rob Shein" <shoten () starpower net>
Date: Tue, 27 Apr 2004 11:39:28 -0400
I can answer this fairly easily. Bruce Schneier, among other people, has been pointing out that the real measure of security is how gracefully it fails. In many large environments (like where I am right now) there can be confusion as to who is responsible for which system; the system in question may go unpatched as a result. When there's an IPS on top of everything, it makes a big difference, because now you have another layer of defense to protect it. At some point, someone is bound to notice that the system isn't patched, but at least it won't be because of some 1337 d00d tearing it up. For a public-facing service this is an entire second layer of protection, where before there was only one. I'd also think that any environment that could tackle the implementation of an IPS correctly would already have patching fairly well in hand. And I doubt they'd stop patching at that point, anyways. Oh, and I second the request for an IPS list. Good idea, Frank!
-----Original Message----- From: Frank Knobbe [mailto:frank () knobbe us] Sent: Monday, April 26, 2004 8:04 PM To: Vikram Phatak Cc: focus-ids () securityfocus com Subject: Re: NIPS Vendors explicit answer
<snip>
True. It seems I was focusing on the detection part, not the prevention part. A product that shields existing vulnerabilities from a network does have merit. I think I just question why we need the product. It appears that it would allows us to be more complacent with our networks. Why patch the system when the IPS shields it? There seem to be two sides to the IPS-shielding-the-network approach. I can see where it is useful (especially when running Microsoft products, the latest SSL issue being the perfect example). But at the same time it is only a band-aid until the hosts are patched. Shouldn't we focus our preventative efforts on the hosts? (not dispelling IPS, but we should use it as a substitute for securing systems).
<snip snip> --------------------------------------------------------------------------- ---------------------------------------------------------------------------
Current thread:
- NIPS Vendors explicit answer christian graf (Apr 08)
- Re: NIPS Vendors explicit answer christian graf (Apr 19)
- <Possible follow-ups>
- RE: NIPS Vendors explicit answer Kohlenberg, Toby (Apr 12)
- Re: NIPS Vendors explicit answer Vikram Phatak (Apr 26)
- Re: NIPS Vendors explicit answer Ron Gula (Apr 26)
- Re: NIPS Vendors explicit answer Vikram Phatak (Apr 27)
- Re: NIPS Vendors explicit answer Frank Knobbe (Apr 27)
- Re: NIPS Vendors explicit answer Vikram Phatak (Apr 27)
- Message not available
- Re: NIPS Vendors explicit answer Frank Knobbe (Apr 27)
- Re: NIPS Vendors explicit answer Vikram Phatak (Apr 27)
- RE: NIPS Vendors explicit answer Rob Shein (Apr 28)
- RE: NIPS Vendors explicit answer Frank Knobbe (Apr 30)
- RE: NIPS Vendors explicit answer Rob Shein (Apr 30)
- Re: NIPS Vendors explicit answer Ron Gula (Apr 26)
- Re: IDSes and known attacks (was: NIPS Vendors explicit answer) Drexx Laggui (Apr 28)
- Re: NIPS Vendors explicit answer Ron Gula (Apr 28)
- Re: NIPS Vendors explicit answer Vikram Phatak (Apr 28)