On Wed, Mar 29, 2006 at 06:50:57PM +0530, Devdas Bhagat wrote: > On 28/03/06 08:46 -0800, Andrew Plato wrote: > An IPS looks at stuff on the wire, decides what is bad, and blocks it. > A real firewall looks at stuff on the wire, decides what is good, and > allows it. A real firewall hooks into everything (servers, network > equipment, desktops...). > > Once you have a firewall in place, you need a system which analyses logs > and traffic which gets through your firewall. > > > > Also - you cannot patch your way to security. Patching merely plugs the > > holes you know about. There are, at any given time, hundreds if not > > thousands of holes you don't know about. Good IPS manufacturers are > > deploying protections before exploits hit the public.
Hello All, I agree with both of you. Running a network without both passive and dynamic protections makes no sense. After all, the so called "defense in depth" concept is well known. The main problem (i see) with both IPS/IDS is the tuning, running the correct "up to date" rules is mandatory, we rely on them. But we may (too) add another layer, something likes "NBAD" solutions, detecting abnormal traffic may be worth. Imagine a spyware running some sort of tunneling over https. How both IDS/IPS will detect this one ? is is possible ? I think we may (speaking at the wire level) use a good mix with all the solutions we saw. Best regards. ------------------------------------------------------------------------ Test Your IDS Is your IDS deployed correctly? Find out quickly and easily by testing it with real-world attacks from CORE IMPACT. Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708 to learn more. ------------------------------------------------------------------------
