Re: Checkpoint IPS

[Terry Baranski <terry.baranski.list () gmail com>]

On 6 Feb 2015, at 11:46,  Valdis Kletnieks wrote:

> Count up the number of *actual* attacks they have stopped
> that wouldn't have been stopped otherwise

Many.

> and contrast it
> to the number of times they've been used as the *basis* for
> an attack (DDoS via state exhaustion, for starters)

Zero, on my networks.

> or their failure has caused operational issues.

Zero, on my networks. Unless "operation issues" means traffic fails over
without a hitch.

> Still think they're a good idea?

Yep. And thanks for asking.

If you can't deploy IPS's in such a way that they don't make your network
less secure via DDoS susceptibility, or reduce availability due to
non-existent or subpar redundancy/survivability engineering, then you
shouldn't deploy IPS's.

-Terry

On Thu, Feb 5, 2015 at 11:46 AM, <Valdis.Kletnieks () vt edu> wrote:

> On Thu, 05 Feb 2015 09:31:49 -0500, Terry Baranski said:
>
> > People tend to hear what they want to hear. Surely your claim can't be
> that
> > an IPS has never, in the history of Earth, prevented an attack or
> exploit.
> > So it's unclear to me what you're actually trying to say here.
>
> Count up the number of *actual* attacks they have stopped that wouldn't
> have been stopped otherwise, and contrast it to the number of times they've
> been used as the *basis* for an attack (DDoS via state exhaustion, for
> starters)
> or their failure has caused operational issues.  Remember that one of the
> three security pillars is "Availability".
>
> Still think they're a good idea?