nanog mailing list archives

RE: Checkpoint IPS


From: "Darden, Patrick" <Patrick.Darden () p66 com>
Date: Thu, 5 Feb 2015 13:25:59 +0000


Like most tools, IPSes are only as good as the people using them.

+10  "you can't just plug the "magic box" inline and expect to relax"

IPSes can't replace a well administered modern firewall, with default deny, well defined protocols with sanity 
checking, etc.  But imho they can help--e.g. with an internal well-protected network that shouldn't even be able to be 
attacked, but some dude picked up a USB key in the parking lot and plugged it into his PC to see what was on it.  No 
firewall will help with this--but an IDS/IPS will.

And no box is magic (another +10), despite the marketing droids' nebulous talk of clouds and AI and harnessing the 
power of the nuclear-nano-crowd-source.  They all need active attention by knowledgeable and intelligent people.

--p

-----Original Message-----
From: NANOG [mailto:nanog-bounces () nanog org] On Behalf Of Michael O Holstein
Sent: Thursday, February 05, 2015 7:13 AM
To: nanog () nanog org
Subject: [EXTERNAL]Re: Checkpoint IPS
<clip>
Personally I'm of the belief that *all* IPS systems are equally worthless, unless the goal is to just check a box on a 
form. Sure they will give you pretty graphs of script-kiddie attempts but that's just the noise in which the skilled 
attack will get lost. You have to do everything else right, you can't just plug the "magic box" inline and expect to 
relax.
<clip>
Michael Holstein
Cleveland State University