RE: IPS arguments



Compliance, ease of management, redundancy are all good reasons.

I have to admit there is part of me that sides with your CIO here, not that
I believe the CISCO IPS is superfluous, but that I want to hear from you (or
any consultant) how that IPS combined with the bundle of tools I already
have will increase the security of my operation.

Pardon my bluntness here, but the fact that you are asking a listserv to
explain/defend the implementation seems to imply that you are unsure (for
whatever reason) as well.

Implementation of a tool is far more critical than the actual tool itself.
The CIO may just be making sure that he understands the capabilities and
functions of that equipment before rushing ahead.

--
Joe

-----Original Message-----
From: listbounce@xxxxxxxxxxxxxxxxx [mailto:listbounce@xxxxxxxxxxxxxxxxx]
On Behalf Of Hugo Vinicius Garcia Razera
Sent: Saturday, February 14, 2009 9:35 AM
To: pen-test@xxxxxxxxxxxxxxxxx
Subject: IPS arguments

Hello Gentleman's,

I have finished a penetration testing to a client like a month ago.
The company i worked for used some practices that i don't agree with.
that's one of the reasons i resigned. any way they managed to shell
the audited company a CISCO IPS using the results of the pen test.

Well the thing is that the CIO of that company is refusing to install
the IPS on their network even after his company has already put a buy
order for the equipment and said IPS is know on their building but he
refuses to install such equipment, augmenting that it is totally
unnecessary because they all ready have an Microsoft ISA server
Firewall in place, and symantec enpoint protection on the clients
machine.

Can any one point me why, they need an IPS?

The old company i worked for wants me to penetrate their network, to
proof them they need an IPS . this time I'm thinking on deploying an
old Trojan i coded.

but i would like to have more compelling arguments on why some one needs
an IPS

thanks for the time replying to my questions

Hugo




Relevant Pages

  • Re: Meta question: disappearing posts (was Re: calculating aself.value, self.randomnum = normalvaria
    ... Two reasons for that: ... - Second is if the same telco assigns me an IP that has been put on a list ... of bad boy IPs. ... So it is kind of pot luck if you see this message or not. ...
    (comp.lang.python)
  • Re: Home of the Underdogs
    ... Well from my end the IPs did not seem to match. ... Anytime someone sends ... Its too easy to dupe a page for the wrong reasons. ...
    (comp.sys.ibm.pc.games.strategic)
  • RE: FTP scans from wanadoo.fr
    ... space and they have requested a list of source IPs involved in scanning ... with Wanadoo.fr management, and they need some data to go with it. ... >> I have started gathering IPs and just blocking the networks as wanadoo ... >> For more information on this free incident handling, ...
    (Incidents)
  • RE: IDSIPS that can handle one Gig
    ... thoughts about the relationship between IPS and VM out on the table. ... PES>> Actually, it is an attitude borne out of entirely too much experience ... hundreds per year) where there is an effective patch and vulnerability ... management that can keep pace with the exploits in the wild. ...
    (Focus-IDS)
  • Re: How much do you disclose to customers?
    ... network administrators do not know about the test so you don't tell ... IPs to them. ... Management usually doesn't care about such technical ... If they usually act on IDS alarm in some way, ...
    (Pen-Test)