Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Focus-IDS
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: IPS, alternative solutions

from [Scott Wimer] Network Security [Permanent Link]
Subject: Re: IPS, alternative solutions
Date: Wed, 15 Sep 2004 15:52:51 -0400 
I don't think it is easier or more cost effective.  This is merely my
observation of what they _want_, not what they can have. :)

Scott Wimer
On Wed, 2004-09-15 at 15:47, Jason wrote:

I've heard of no medium+ sized business that is considering deploying 
inline technology on the internals of the network in a sufficiently 
pervasive manner that there would be any measurable benefit from the 
technology over patching and asset management.

I would be seriously interested in an ROI that can demonstrate savings.

The simple question is how is inline packet scrubbing easier and more 
cost effective than patching?

Scott Wimer wrote:


Daniel,

I agree with your assessment.  What I have encountered in the
financial sector though is a desire to have the packets "scrubbed"
before they reach the servers.  People _want_ to deploy network based
IPS tools because it is easier and more cost effective.  That it
doesn't seem to be possible yet is another story altogether.

Regards, Scott Wimer

On Tue, 2004-09-14 at 06:01, Daniel wrote:


So far there has been a load of talk discussing which is the better
technology. Personally i dont think IPS is ready for the big time.
Yeah its great for small mum and dad networks, but for large
financial networks with billions of pounds flowing across them,
would you trust a technology to think and block what it seems as
bad traffic?

So what are the alternatives? I'd say more host based protection
such as:

- Stack protection - Application level firewalls
(ModSecurity/SecureIIS) - Host based firewalls

I'm interested to see what everyone else feels are alternatives to
IPS


--------------------------------------------------------------------------
 Test Your IDS

Is your IDS deployed correctly? Find out quickly and easily by
testing it with real-world attacks from CORE IMPACT. Go to
http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708
to learn more. 
--------------------------------------------------------------------------




--------------------------------------------------------------------------
Test Your IDS

Is your IDS deployed correctly?
Find out quickly and easily by testing it with real-world attacks from CORE 
IMPACT.
Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708 to 
learn more.
--------------------------------------------------------------------------
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  RE: session logging IDS, Bénoni MARTIN
Next by Date:  Re: IPS, alternative solutions, Alex Butcher, ISC/ISYS
Previous by Thread:  Re: IPS, alternative solutions, Jason
Next by Thread:  Re: IPS, alternative solutions, Jason Haar
Indexes:  [Date] [Thread] [Top] [All Lists]