Re: IPS, alternative solutions

From: Alex Butcher, ISC/ISYS (Alex.Butcher_at_bristol.ac.uk)
Date: 09/15/04

  • Next message: Scott Wimer: "Re: IPS, alternative solutions"
    Date: Wed, 15 Sep 2004 16:43:57 +0100
    To: focus-ids@securityfocus.com
    
    

    --On 14 September 2004 10:01 +0000 Daniel <deeper@gmail.com> wrote:

    >
    >
    > So far there has been a load of talk discussing which is the better
    > technology. Personally i dont think IPS is ready for the big time. Yeah
    > its great for small mum and dad networks, but for large financial
    > networks with billions of pounds flowing across them, would you trust a
    > technology to think and block what it seems as bad traffic?

    Certainly that's a risk with limited-accuracy signatures that are
    commonplace today.

    > So what are the alternatives?
    >
    > I'd say more host based protection such as:
    >
    > - Stack protection
    >
    > - Application level firewalls (ModSecurity/SecureIIS)

    These two technologies are often included in Host IPS products.

    > - Host based firewalls

    Useful, but won't help in isolation (e.g. user receives a 0-day worm via a
    email attachment to their hotmail account and runs it; or, loads a
    malicious JPG image with an application that's vulnerable to MS04-28)

    Best Regards,
    Alex.

    -- 
    Alex Butcher: Security & Integrity, Personal Computer Systems Group
    Information Systems and Computing             GPG Key ID: F9B27DC9
    GPG Fingerprint: D62A DD83 A0B8 D174 49C4 2849 832D 6C72 F9B2 7DC9
    --------------------------------------------------------------------------
    Test Your IDS
    Is your IDS deployed correctly?
    Find out quickly and easily by testing it with real-world attacks from CORE IMPACT.
    Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708 to learn more.
    --------------------------------------------------------------------------
    

  • Next message: Scott Wimer: "Re: IPS, alternative solutions"