Re: [fw-wiz] IPS vs. Firewalls
- From: Mark Teicher <mht3@xxxxxxxxxxxxx>
- Date: Thu, 2 Feb 2006 14:51:38 -0500 (GMT-05:00)
Phil Albacore wrote:
They've heard that IPS sensors can be used to block traffic, so they've got it in their heads that we don't need a firewall anymore.
I would suggest http://www.ranum.com/security/computer_security/papers/a1-firewall/index.html if you would like to save money in your IT Network Security Budget on IPS/IDS Budget line item and Firewall Budget line item.
-----Original Message-----
From: "Marcus J. Ranum" <mjr@xxxxxxxxx>
Sent: Feb 2, 2006 12:33 PM
To: Phil Albacore <phila@xxxxxxxxxxxxxxxxxxxxxxx>, firewall-wizards@xxxxxxxxxxxxxxxxxx
Subject: Re: [fw-wiz] IPS vs. Firewalls
Phil Albacore wrote:
They've heard that IPS sensors can be used to block traffic, so they've got it in their heads that we don't need a firewall anymore.
I'd suggest you have them ask a few of the IPS vendors if they recommend
using their product in that manner. Unless you're talking to the IPS vendors
that are basically selling a firewall+signatures (like a "deep packet inspection"
firewall) they will backpedal away from that very rapidly. Perhaps your
path of least resistance is to tell them that you want one of the new
generation "IPS firewalls" then you can turn off the IPS crap (which
won't do anything except slow the firewall down, anyhow) and use the
firewall rules. The only problem with that is that most of the IPS firewalls
are little more than a cheesy "stateful" packet filter with a few dozen
signatures hammered into the packet forwarder loop. I'd be being
uncharacteristically generous if I said that they "suck" - they're not
nearly that good.
I've got to thank you for asking the question; it made me look at a few of
the IPS vendor claims to see if many of them have the guts to say they
replace a firewall. I particularly got a chuckle out of Intruvert's (now NAI)
claim that they protect against encrypted attacks. I needed some yuks
to lighten up my morning!!
I quote: " McAfee IntruShield delivers comprehensive protection against
today?s constantly evolving threats, including known, zero-day, and
encrypted attacks."
Wow -- that does sound pretty good. I guess you don't need a firewall
after all!!
mjr.
_______________________________________________
firewall-wizards mailing list
firewall-wizards@xxxxxxxxxxxxxxxxxx
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
_______________________________________________
firewall-wizards mailing list
firewall-wizards@xxxxxxxxxxxxxxxxxx
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
- Follow-Ups:
- Re: [fw-wiz] IPS vs. Firewalls
- From: Julian M D
- Re: [fw-wiz] IPS vs. Firewalls
- Prev by Date: [fw-wiz] P2P traffic
- Next by Date: Re: [fw-wiz] RE: In defense of non standard ports
- Previous by thread: Re: [fw-wiz] IPS vs. Firewalls (why vs. ?)
- Next by thread: Re: [fw-wiz] IPS vs. Firewalls
- Index(es):
Relevant Pages
|
