Penetration Testing mailing list archives

Re: IPS arguments


From: JiPi DiNi <jipidini () gmail com>
Date: Wed, 18 Feb 2009 17:26:25 -0500

On Sat, Feb 14, 2009 at 9:34 AM, Hugo Vinicius Garcia Razera
<hviniciusg () gmail com> wrote:
> Hello Gentlemen,
>
> Well the thing is that the CIO of that company is refusing to install
> the IPS on their network even after his company has already put a buy
> order for the equipment and said IPS is now in their building, but he
> refuses to install such equipment, arguing that it is totally
> unnecessary because they already have a Microsoft ISA Server
> firewall in place, and Symantec Endpoint Protection on the client
> machines.
>
> Can anyone point out to me why they need an IPS?


The IPS provides protection at multiple layers and is a good
safeguard to implement in order to block attacks BEFORE they
enter the infrastructure or hit the endpoint client.

Why allow all this malicious traffic on the network when it could
be stopped right at the entry point (i.e. between the Telco router and
the firewall or between the firewall and the switch)?

Also, dual vendor helps since the endpoint might not have the proper
signature or detection mechanism that the Cisco IPS would have. Cisco
has been pretty good at keeping up with the vulnerabilities and
releasing signature packs in a timely manner.

Also the IPS is usually invisible on the network and it adds an extra
layer of protection.

-- 
Thanks,
JiPi DiNi


