Re: [fw-wiz] Corporate H/N IPS
From: Talisker (talisker@networkintrusion.co.uk)
Date: 12/14/02
- Next message: Mike Hoskins: "Re: [fw-wiz] Firewalls and 802.1q trunking"
- Previous message: Mikael Olsson: "[fw-wiz] "802.1x"?"
- In reply to: Crispin Cowan: "Re: [fw-wiz] Corporate H/N IPS"
- Next in thread: Crispin Cowan: "Re: [fw-wiz] Corporate H/N IPS"
- Reply: Crispin Cowan: "Re: [fw-wiz] Corporate H/N IPS"
From: "Talisker" <talisker@networkintrusion.co.uk> To: "Crispin Cowan" <crispin@wirex.com> Date: Sat Dec 14 19:34:01 2002
Crispin
I'm not exactly in agreement with many of your points.
> EXACTLY like a firewall, only they look at higher level application
> protocols than classic packet filtering firewalls.
I for one would not entrust my perimeter defense to a NIPS, however I may
consider using a NIPS to look for intrusion signatures on those packets that
have been passed by the firewall. I feel they complement each other very
well.
> Unfortunately, marketeers are pushing new buzz-words, trying to convince
> people that "host intrusion prevention" is somehow different from
> secure operating systems.
There is little doubt that marketing forces are at work. However, from
experience we have lost this battle and to be fair the term IPS isn't so
bad. I do see HIPS as different from Secure OSes; they are more widely
available to all, deployable with minimal impact on an existing network and
enterprise aware out of the box.
> True: "intrusion detection" is what you call it when your detector is so
> slow or imprecise that it cannot be used for prevention.
IDS can be a little hit and miss; I've had to switch some off because they
were so inadequate. However, I have also used others to good effect; they
have saved my network on many occasions. There are some excellent examples
of both Host and Network IDS and as they mature they are becoming ever more
capable. That isn't to say they will work out of the box; they do need a lot
of tender loving care, but the investment of some time and tuning pays
dividends.
take care
-andy
Taliskers Network Security Tools
http://www.networkintrusion.co.uk
----- Original Message -----
From: "Crispin Cowan" <crispin@wirex.com>
To: "Talisker" <talisker@networkintrusion.co.uk>
Cc: <firewall-wizards@honor.icsalabs.com>
Sent: Saturday, December 14, 2002 2:36 AM
Subject: Re: [fw-wiz] Corporate H/N IPS