Penetration Testing mailing list archives

Re: IPS arguments


From: Esteban Farao <efarao () gmail com>
Date: Wed, 18 Feb 2009 18:10:31 -0500

Hi Hugo,
The only arguments I can think of are that they need to be in
compliance with PCI requirement 11.4 or you want to automate the
logging monitoring/response.

Anyway, I believe that the use of an IDS/IPS is an additional layer to
protect the whole infrastructure. If you have the proper security in
place, the logs are enabled, you have personnel to review them, and
there is a CIRP in place, you do not need IDS/IPSs.

Regards,
Esteban
If you want to automate

On 2/14/09, Hugo Vinicius Garcia Razera <hviniciusg () gmail com> wrote:
Hello Gentlemen,

I finished a penetration test for a client like a month ago.
The company I worked for used some practices that I don't agree with.
That's one of the reasons I resigned. Anyway, they managed to sell
the audited company a CISCO IPS using the results of the pen test.

Well, the thing is that the CIO of that company is refusing to install
the IPS on their network even after his company has already put in a buy
order for the equipment and said IPS is now in their building, but he
refuses to install such equipment, arguing that it is totally
unnecessary because they already have a Microsoft ISA Server
firewall in place, and Symantec Endpoint Protection on the clients'
machines.

Can anyone point out to me why they need an IPS?

The old company I worked for wants me to penetrate their network, to
prove to them they need an IPS. This time I'm thinking of deploying an
old Trojan I coded.

But I would like to have more compelling arguments on why someone needs an
IPS.

Thanks for the time replying to my questions.

Hugo




-- 
Sent from my mobile device


