RE: IPS (was: [fw-wiz] Sources for Extranet Designs?)
From: Chris Blask (blask_at_protegonetworks.com)
Date: 02/27/04
- Previous message: Christopher Lee: "RE: IPS (was: [fw-wiz] Sources for Extranet Designs?)"
- In reply to: Ben Nagy: "RE: IPS (was: [fw-wiz] Sources for Extranet Designs?)"
- Next in thread: Marcus J. Ranum: "RE: IPS (was: [fw-wiz] Sources for Extranet Designs?)"
To: "Ben Nagy" <ben@iagu.net>, "'Marcus J. Ranum'" <mjr@ranum.com>, <firewall-wizards@honor.icsalabs.com>
Date: Fri, 27 Feb 2004 14:14:16 -0800
At 09:27 AM 2/27/2004 +0100, Ben Nagy wrote:
> > From: Marcus J. Ranum [mailto:mjr@ranum.com]
> > Sent: Thursday, February 26, 2004 11:00 PM
> > Stiennon,Richard wrote:
> > >Network IPS:
> > >An inline device that assembles packets into streams or
> > >sessions and parses them.
> > So far, that's a "firewall" - the first firewalls did all
> > that inherently since they were proxies.
.d.
> > Intrusion Prevention
> > CAN'T be something as simple and stupid and ancient as a
> > firewall that detects and closes sessions based on
> > application layer attack detection. That's not sexy, is it?
.d.
>Sounds pretty sexy to me - I'd buy one that worked, as long as it could also
>deal with the problem network wide. :)
Network wide is the entire issue.
A single piece of network gear is a dot. The interesting bits of
"preventing intrusions" have a lot more to do with all the lines and dots
that make up the network and what they're up to than just a handful of the
dots.
Smart firewalls are all well and good, but there are already connectivity
dots (FWs, routers and switches) out there. Just take the right view of
the info already coming out of the network and use the boxes that are there
to do what they do - deal with traffic issues. Maybe two years from now
some of the current IPS-box makers will still be making neat dots - some
are kinda cool now - we'll find out in time.
.d.
:-)
> > >Some of the network IPS vendors are profiting from the need
> > >to throttle undesirable traffic (file sharing) at universities.
> > >Anyone on the list care to corroborate this?
I have seen a university using an IPS box, but I wouldn't speak on their
behalf about how much of a driver P2P was.
A network IPS box could snuff P2P stuff at the network edge if you cover
all the connections. That would limit the P2P to only between students on
the network - good thing college students don't have a lot of files to
trade on their laptops... :-)
>Uh, why wouldn't they use traffic shaping, which is mature and cheaper? Is a
>standard Cisco router an inline IPS now? Cool!
There's that existing infrastructure, again...
Yes. It can be. There's nothing particularly special about the way any
box stops packets, you just have to know how to flip the switches.
-chris
_______________________________________________
firewall-wizards mailing list
firewall-wizards@honor.icsalabs.com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards