nanog mailing list archives
RE: Re: Checkpoint IPS
From: "Darden, Patrick" <Patrick.Darden () p66 com>
Date: Thu, 5 Feb 2015 13:30:11 +0000
" Securing hosts/applications/services themselves is the way to protect them from compromise." Can't go wrong with defense in depth. I'd definitely throw securing routers in there, throw in firewalls, periodic internal scanning for idiot mistakes, audits, etc. I still think IPS/IDSes can be wielded to good effect in several different scenarios--e.g. just before the core switch (or spanning the core switch) of a PCN network, alerting to anything going on intra vs. inter. --p -----Original Message----- From: NANOG [mailto:nanog-bounces () nanog org] On Behalf Of Roland Dobbins Sent: Thursday, February 05, 2015 7:20 AM To: nanog () nanog org Subject: [EXTERNAL]Re: Checkpoint IPS On 5 Feb 2015, at 20:13, Michael O Holstein wrote:
Personally I'm of the belief that *all* IPS systems are equally worthless, unless the goal is to just check a box on a form.
Concur 100%. Securing hosts/applications/services themselves is the way to protect them from compromise. ----------------------------------- Roland Dobbins <rdobbins () arbor net>
Current thread:
- Re: Checkpoint IPS, (continued)
- Re: Checkpoint IPS Eugeniu Patrascu (Feb 04)
- Re: Checkpoint IPS Michael Hallgren (Feb 04)
- Re: Checkpoint IPS Roland Dobbins (Feb 04)
- Re: Checkpoint IPS Michael Hallgren (Feb 04)
- Re: Checkpoint IPS Valdis . Kletnieks (Feb 05)
- Re: Checkpoint IPS Michael Hallgren (Feb 04)
- RE: Checkpoint IPS Terry Baranski (Feb 05)
- Re: Checkpoint IPS Michael O Holstein (Feb 05)
- Re: Checkpoint IPS Roland Dobbins (Feb 05)
- RE: Re: Checkpoint IPS Darden, Patrick (Feb 05)
- Re: Checkpoint IPS Skeeve Stevens (Feb 05)
- RE: Checkpoint IPS Darden, Patrick (Feb 05)
- RE: Checkpoint IPS Terry Baranski (Feb 05)
- Re: Checkpoint IPS Michael Hallgren (Feb 05)