Penetration Testing mailing list archives

Re: IPS arguments


From: Micheal Cottingham <techie.micheal () gmail com>
Date: Fri, 20 Feb 2009 14:11:38 -0500

An IPS isn't a firewall, as others have mentioned. I'm actually a huge
fan of IPSs (well, the good ones). I don't know how well Cisco's works
because I've never worked with it, but the one that I worked with paid
for itself in just a couple of months. A firewall will (if configured
correctly ...) block ports, but what happens if you have a bot on one
of your servers that connects to a C&C over port 80? Or 25? A firewall
won't see that, but an IPS will not only see it, but will block it.

As someone mentioned above, defense in depth is the name of the game.
Sure, ISA may work for the organization, but it won't do everything
that a good IPS will do.

On Thu, Feb 19, 2009 at 3:42 AM, M.D.Mufambisi <mufambisi () gmail com> wrote:
Hi Hugo.

I am also in the same dilemma as you are. I work for a consultancy
firm and one of the advisors here told the client to get an IPS in
addition to a firewall, antivirus etc. I really do not get it. With
the IPS, won't there be 2 firewalls now?
Also, I'm not into penetration tests but I sure wish to move into that
field. May I please have advice on procedures and tests performed
during a pen test? Or a framework of some sort? Your advice will be
greatly appreciated. Oh, I see you have your trojan. What language did
you use to code it? How do I get to train myself to develop security
tools/trojans etc?

Hope to hear from you soon.

Kind regards,

On 2/14/09, Hugo Vinicius Garcia Razera <hviniciusg () gmail com> wrote:
Hello Gentlemen,

I finished a penetration test for a client like a month ago.
The company I worked for used some practices that I don't agree with.
That's one of the reasons I resigned. Anyway, they managed to sell
the audited company a Cisco IPS using the results of the pen test.

Well, the thing is that the CIO of that company is refusing to install
the IPS on their network even after his company has already put in a buy
order for the equipment and said IPS is now in their building, but he
refuses to install such equipment, arguing that it is totally
unnecessary because they already have a Microsoft ISA Server
firewall in place, and Symantec Endpoint Protection on the client
machines.

Can anyone point out to me why they need an IPS?

The old company I worked for wants me to penetrate their network, to
prove to them they need an IPS. This time I'm thinking of deploying an
old Trojan I coded.

But I would like to have more compelling arguments on why someone needs an
IPS.

Thanks for the time replying to my questions.

Hugo
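
The contrast drawn in the reply at the top of this message, between filtering on port numbers and inspecting what is actually sent over an allowed port, is shown below as an added example (not code from the thread or from any product). The flows, addresses, allowed-port list and the two protocol patterns are constructed assumptions; a real IPS applies far richer signatures than this conformance check.

```python
import re
from collections import namedtuple

# Outbound destination ports the (hypothetical) firewall policy permits.
ALLOWED_PORTS = {25, 80}

# What the first client bytes should look like for the protocol
# normally carried on each permitted port (simplified on purpose).
EXPECTED = {
    80: re.compile(rb"^(GET|HEAD|POST|PUT|DELETE|OPTIONS) \S+ HTTP/1\.[01]\r\n"),
    25: re.compile(rb"^(EHLO|HELO) \S+\r\n", re.IGNORECASE),
}

# payload = first bytes sent by the internal host on the connection
Flow = namedtuple("Flow", "src dst_port payload")

def firewall_allows(flow):
    """Port filter: the decision uses the destination port alone."""
    return flow.dst_port in ALLOWED_PORTS

def ips_allows(flow):
    """Content inspection: payload must match the protocol expected on the port."""
    pattern = EXPECTED.get(flow.dst_port)
    return pattern is not None and pattern.match(flow.payload) is not None

def verdicts(flows):
    """Return (src, port, firewall verdict, IPS verdict) for each flow."""
    return [(f.src, f.dst_port, firewall_allows(f), ips_allows(f)) for f in flows]

# Constructed sample flows using documentation addresses, not real traffic.
SAMPLE_FLOWS = [
    Flow("192.0.2.10", 80, b"GET /index.html HTTP/1.1\r\nHost: www.example.com\r\n\r\n"),
    Flow("192.0.2.11", 25, b"EHLO mail.example.com\r\n"),
    # Chat-style commands on the web and mail ports: the port is permitted,
    # but the content is not the protocol that belongs there.
    Flow("192.0.2.12", 80, b"NICK host-4471\r\nUSER host 0 * :host\r\n"),
    Flow("192.0.2.13", 25, b"JOIN #channel\r\n"),
    # A port the firewall policy does not permit at all.
    Flow("192.0.2.14", 6667, b"NICK host-4471\r\n"),
]

if __name__ == "__main__":
    for src, port, fw, ips in verdicts(SAMPLE_FLOWS):
        print(f"{src} -> :{port:<5} firewall={'allow' if fw else 'block'} "
              f"ips={'allow' if ips else 'block'}")
```

The third and fourth flows are the case the reply describes: the port filter passes them because only the port number is examined, while the content check flags them.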








