Daniel,
I agree with your assessment. What I have encountered in the financial
sector though is a desire to have the packets "scrubbed" before they
reach the servers. People _want_ to deploy network based IPS tools
because it is easier and more cost effective. That it doesn't seem to
be possible yet is another story altogether.
Regards,
Scott Wimer
On Tue, 2004-09-14 at 06:01, Daniel wrote:
So far there has been a load of talk discussing which is the better
technology. Personally i dont think IPS is ready for the big time. Yeah its
great for small mum and dad networks, but for large financial networks with
billions of pounds flowing across them, would you trust a technology to think
and block what it seems as bad traffic?
So what are the alternatives?
I'd say more host based protection such as:
- Stack protection
- Application level firewalls (ModSecurity/SecureIIS)
- Host based firewalls
I'm interested to see what everyone else feels are alternatives to IPS
--------------------------------------------------------------------------
Test Your IDS
Is your IDS deployed correctly?
Find out quickly and easily by testing it with real-world attacks from CORE
IMPACT.
Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708 to
learn more.
--------------------------------------------------------------------------
--
Scott M. Wimer Cylant
www.cylant.com 91 Hartwell Ave
v. (781) 402-0005 x238 Lexington, MA 02421
c. (781) 552-9525
There is no Security without Control.
--------------------------------------------------------------------------
Test Your IDS
Is your IDS deployed correctly?
Find out quickly and easily by testing it with real-world attacks from CORE
IMPACT.
Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708 to
learn more.
--------------------------------------------------------------------------
