Re: IPS, alternative solutions

From: Scott Wimer (scottw_at_cylant.com)
Date: 09/15/04

    To: Daniel <deeper@gmail.com>
    Date: Wed, 15 Sep 2004 10:21:23 -0400
    
    

    Daniel,

    I agree with your assessment. What I have encountered in the financial
    sector though is a desire to have the packets "scrubbed" before they
    reach the servers. People _want_ to deploy network based IPS tools
    because it is easier and more cost effective. That it doesn't seem to
    be possible yet is another story altogether.

    Regards,
    Scott Wimer

    On Tue, 2004-09-14 at 06:01, Daniel wrote:
    > So far there has been a load of talk discussing which is the better technology. Personally I don't think IPS is ready for the big time. Yeah, it's great for small mum and dad networks, but for large financial networks with billions of pounds flowing across them, would you trust a technology to think and block what it seems as bad traffic?
    >
    > So what are the alternatives?
    > I'd say more host based protection such as:
    >
    > - Stack protection
    > - Application level firewalls (ModSecurity/SecureIIS)
    > - Host based firewalls
    >
    > I'm interested to see what everyone else feels are alternatives to IPS
    >
    >

    -- 
    Scott M. Wimer                           Cylant
    www.cylant.com                           91 Hartwell Ave
    v. (781) 402-0005 x238                   Lexington, MA 02421
    c. (781) 552-9525
    There is no Security without Control.
    
