Re: CISCOs new IPS

From: ADT (synfinatic_at_gmail.com)
Date: 01/07/05

  • Next message: Krystian Antoni: "Re: IDS CISCO alarm"
    Date: Thu, 6 Jan 2005 22:44:44 -0800
    To: Billy Dodson <billy@pmicromart.com>
    
    

    /me sigh

    Why do people continue to claim that firewall/router ACL shunning is
    an effective attack prevention mechanisim? So many attacks nowadays
    can be contained in a single packet which these "solutions" can't
    stop. Not to mention the obvious race condition which may allow
    subsequent packets to pass.

    Nobody would try to sell or be willing to buy a "firewall" which
    sniffs traffic and updates a router ACL, but yet this is somehow
    acceptable as a protection mechanisim for malicious traffic.

    WTF?

    -Aaron

    -- 
    http://synfin.net
    On Thu, 6 Jan 2005 14:18:10 -0600, Billy Dodson <billy@pmicromart.com> wrote:
    > The cisco IPS is not quite what I thought it was going to be.  The IPS
    > is intended for use at branch offices or remote users where you would
    > not normally spring for a fire-walling device.  The IPS is nothing more
    > then a IOS router with IOS firewall and the IDS engine.  The IPS is just
    > software that runs on a cisco router.  It can use around 740 signatures
    > from the cisco IDS to run its "prevention".  It basically turns your
    > router into a small IDS/firewall.  It will be able to create access
    > lists or shuns on the fly.  The same as a current cisco IDS works in
    > conjunction with an IOS router or PIX firewall.  This device is not
    > intended to be the first line of defense within the network.
    > 
    > The cisco IPS is not replacing the cisco IDS.  The cisco IDS is still a
    > good product and can be used as a prevention device when used in
    > conjunction with a router or firewall.  You can configure the sensor to
    > send commands to the router or firewall to Shun the connection or create
    > an access list on a router.
    --------------------------------------------------------------------------
    Test Your IDS
    Is your IDS deployed correctly?
    Find out quickly and easily by testing it with real-world attacks from 
    CORE IMPACT.
    Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708 
    to learn more.
    --------------------------------------------------------------------------
    

  • Next message: Krystian Antoni: "Re: IDS CISCO alarm"

    Relevant Pages

    • Re: Newbie Setup Question
      ... > routed to the correct private IPs. ... > Poweredge 2600 with the remote access cards. ... > firewall can only be configured as one public IP, and if I put a switch ... you'll need something inside your router that you can connect ...
      (comp.security.firewalls)
    • Re: Filter at Router or Firewall
      ... > traffic from certain IPs, before some new firewall purchase decisions are ... > router to our border is a standard ethernet connection. ... put a transparent/bridging firewall between the internet and our ...
      (Security-Basics)
    • Filter at Router or Firewall
      ... traffic from certain IPs, before some new firewall purchase decisions are ... Our connection to the internet is 100 Mbps. ... router to our border is a standard ethernet connection. ... put a transparent/bridging firewall between the internet and our ...
      (Security-Basics)
    • Re: how to connect firewall to router
      ... >>on lan side and this port is the firewall port, ... >>the traffic for other IPs and direct it to the right pc? ... Your router must have something ... In this routing table you tell the router to ...
      (comp.security.firewalls)
    • Re: Just venting (totally OT)
      ... the ame router to get access to the net! ... I'm paranoid about opening up my firewall "just in case..." ... not visiting dodgy Websites. ... The protection that it does supply is also provided by ...
      (uk.people.support.depression)