Penetration Testing mailing list archives

Re: IPS arguments

From: Javier Reyna <jreyna () onlinet com mx>
Date: Wed, 18 Feb 2009 16:12:12 -0600

an ISA Server, well, that's one argument to install an IPS. Symantec agents will only protect clients, but what 
about services?  ISA Server will not really protect them. ISA as a firewall, will protect ports not the 
aplication. If some sell me an CISCO IPS I will refuse too!!  I think the best way to realize what IPS protection 
does vs a fw protection is ports vs applications. IPS does a more granular and deep inspection, at last IPS 
analyze payload, enforce RFC, protect against zero days (sometimes). An only-firewall application will not do 
that, IMHO I better change firewall technology Juniper+deepinspection+screen, checkpoint+smartdefense, 
iptables+snortinline, just if the net is not too large. 

On Sat, Feb 14, 2009 at 10:34:52AM -0400, Hugo Vinicius Garcia Razera wrote:

Hello Gentleman's,

I have finished a penetration testing to a client like a month ago.
The company i worked for used some practices that i don't agree with.
that's one of the reasons i resigned. any way they managed to shell
the audited company a CISCO IPS using the results of the pen test.

Well the thing is that the CIO of that company is refusing to install
the IPS on their network even after his company has already put a buy
order for the equipment and said IPS is know on their building but he
refuses to install such equipment, augmenting that it is totally
unnecessary because they all ready have an Microsoft ISA server
Firewall in place, and symantec enpoint protection on the clients
machine.

Can any one point me why, they need an IPS?

The old company i worked for wants me to penetrate their network, to
proof them they need an IPS . this time I'm thinking on deploying an
old Trojan i coded.

but i would like to have more compelling arguments on why some one needs an IPS

thanks for the time replying to my questions

Hugo


-- 
Saludos!
________________

Javier Reyna 
CCSE WCSE ISS-CS NSP JNCIA-FWV
Consultor en Seguridad
jreyna () onlinet com mx
www.onlinet.com.mx
 ,,__
 o" )~
 ''''

Current thread:

IPS arguments Hugo Vinicius Garcia Razera (Feb 18)
- Re: IPS arguments Javier Reyna (Feb 20)
- Re: IPS arguments arvind doraiswamy (Feb 20)
- Re: IPS arguments Esteban Farao (Feb 20)
- Re: IPS arguments JiPi DiNi (Feb 20)
- RE: IPS arguments Shenk, Jerry A (Feb 20)
- Re: IPS arguments M.D.Mufambisi (Feb 20)
  - Re: IPS arguments Micheal Cottingham (Feb 22)
  - Re: IPS arguments Danny Fullerton (Feb 22)
    - Re: IPS arguments Javier Reyna (Feb 26)
    - Re: IPS arguments Trygve Aasheim (Feb 27)
    - Re: IPS arguments Webmaster 003 (Feb 27)

(Thread continues...)