IDS mailing list archives
RE: NIPS Vendors explicit answer
From: Melih Kırkgöz (Koç.net) <melihk () koc net>
Date: Wed, 28 Apr 2004 17:59:46 +0300
Hello Everyone,

I am responsible for testing and offering an IPS solution for big networks with high rated throughputs for my company (an ISP) and our customers. As I read these mails flowing around, I said "yes, this is the right place to share my opinions".

I would rather ask a question outside the theory about IDS-IPS comparison. Right now I am more interested in product comparison because of my urgent duty. I had the chance to test Radware Defense Pro only as an inline IPS product. It seems to be very fast, responsive and a successful blocker against DDoS attacks, SYN floods and typical worms, and in detecting protocol anomalies. The other vendors waiting for my tests :) are Netscreen IDP, RealSecure ISS Proventia G200 and Network Associates NAI Intruvert 2600 series. Do any of you know about these products, especially in a competitive way between them? I would appreciate your answers.

Regards

Melih Kırkgöz
Network Security Services
Koç.net Haberlesme Teknolojileri ve Iletisim Hizmetleri
Camlica Is Merkezi B3 Blok Uskudar 81190 Istanbul - TURKEY
email: melihk () koc net
URL: http://www.koc.net

-----Original Message-----
From: Rob Shein [mailto:shoten () starpower net]
Sent: Tuesday, April 27, 2004 6:39 PM
To: 'Frank Knobbe'; 'Vikram Phatak'
Cc: focus-ids () securityfocus com
Subject: RE: NIPS Vendors explicit answer

I can answer this fairly easily. Bruce Schneier, among other people, has been pointing out that the real measure of security is how gracefully it fails. In many large environments (like where I am right now) there can be confusion as to who is responsible for which system; the system in question may go unpatched as a result. When there's an IPS on top of everything, it makes a big difference, because now you have another layer of defense to protect it. At some point, someone is bound to notice that the system isn't patched, but at least it won't be because of some 1337 d00d tearing it up.
For a public-facing service this is an entire second layer of protection, where before there was only one. I'd also think that any environment that could tackle the implementation of an IPS correctly would already have patching fairly well in hand. And I doubt they'd stop patching at that point, anyways. Oh, and I second the request for an IPS list. Good idea, Frank!

-----Original Message-----
From: Frank Knobbe [mailto:frank () knobbe us]
Sent: Monday, April 26, 2004 8:04 PM
To: Vikram Phatak
Cc: focus-ids () securityfocus com
Subject: Re: NIPS Vendors explicit answer

<snip>
True. It seems I was focusing on the detection part, not the prevention part. A product that shields existing vulnerabilities from a network does have merit. I think I just question why we need the product. It appears that it would allow us to be more complacent with our networks. Why patch the system when the IPS shields it? There seem to be two sides to the IPS-shielding-the-network approach. I can see where it is useful (especially when running Microsoft products, the latest SSL issue being the perfect example). But at the same time it is only a band-aid until the hosts are patched. Shouldn't we focus our preventative efforts on the hosts? (not dispelling IPS, but we should use it as a substitute for securing systems).
<snip snip>