Penetration Testing mailing list archives
Re: IPS comparison
From: Chuck <chuck.lists () gmail com>
Date: Wed, 27 Jul 2005 09:33:26 -0400
Since you mentioned PCI compliance, one thing you might not be aware of is that for your regular PCI vulnerability scans and penetration tests you will have to disable the IPS (from the scanning systems). An IPS will not help you in passing the PCI compliance scans. This is documented in requirement 15 on page 4 of this document: https://sdp.mastercardintl.com/pdf/pcs_manual.pdf Is there a specific requirement for you to have an IPS in your system? There could be such a requirement for large enough systems that I am not aware of, so I'd be interested to hear about it. And, of course, this is not to say that IPSs are useless in a practical sense. An IPS will provide defense in depth if you accidentally field a vulnerable system, but it cannot be used as a substitute for securing the underlying systems. Chuck On 7/26/05, Jeffrey Leggett <jleggett () interland com> wrote:
Ha... I am in the middle of testing and evaluating IPS solutions for my company, a large Web Hoster for PCI/CISP compliance.
Current thread:
- RE: IPS comparison, (continued)
- RE: IPS comparison Martin (Jul 25)
- RE: IPS comparison David L Rice (Jul 25)
- RE: IPS comparison Lyal Collins (Jul 26)
- RE: IPS comparison Alexis Villagra - VILSOL LatinAmerica (Jul 26)
- RE: IPS comparison Martin (Jul 25)
- RE: IPS comparison Security Focus (Jul 26)
- RE: IPS comparison Dane Warren (Jul 25)
- IPS Comparison Darwin (Jul 25)
- RE: IPS Comparison Security Focus (Jul 26)
- RE: IPS comparison Singh, Yashpal (Jul 25)
- RE: IPS comparison Jeffrey Leggett (Jul 26)
- Re: IPS comparison Chuck (Jul 27)
- RE: IPS comparison Soszynski, Chris (Jul 27)
- RE: IPS Comparison JP Garcia (Jul 27)
- RE: IPS Comparison Miguel Dilaj (Jul 27)
- Re: IPS Comparison Ivan C (Jul 29)
- RE: IPS Comparison Miguel Dilaj (Jul 27)
- RE: IPS comparison Gregory D. McPhee (Jul 27)
- Re: IPS comparison Ivan C (Jul 28)
- Re: IPS comparison Joey Peloquin (Jul 30)
- Re: IPS comparison Daniel Cid (Jul 30)
- Fw: IPS comparison OguzTekeli (Jul 28)
- Re: IPS comparison joekim13 (Jul 30)