Re: IPS, alternative solutions

From: Mike Frantzen (frantzen_at_nfr.com)
Date: 09/22/04

    Date: Wed, 22 Sep 2004 12:22:01 -0400
    To: Jason <security@brvenik.com>
    
    

    > The way I see it, an IPS can attempt to contain your infestation and
    > help reduce your legal exposure from outbound attacks that would
    > otherwise make it to your partners... This is a value I can quantify and
    > the best use case I have seen for IPS. The problem I have with it is
    > that a properly implemented firewall can most likely do the same and
    > provide much better overall value.

    One of the spots where an IPS beats a firewall hands down is on the
    interior of a large organization. I've seen too many large
    dysfunctional companies that compartmentalize their departments by
    placing firewalls between each and every one. Marketing and sales can't
    access engineering project schedules and feature lists on the
    engineering web server. Engineering can't access the support database
    to look for common issues and trends. No one can access their
    department's machines from their laptop when in a conference room...
    etc etc

    We end up with an authoritarian system where the firewalls inhibit the
    communication inside the company. An IPS can maintain the security
    compartmentalization and containment without impeding the free flow of
    information between departments.

    I know I've bitched and moaned that some companies just don't talk
    between departments. And sometimes, they actually can't talk between
    departments.

    .mike
    frantzen@(nfr.com | cvs.openbsd.org | w4g.org)
    PGP: CC A4 E2 E8 0C F8 42 F0 BC 26 85 5B 6F 9E ED 28
