/me sigh
Why do people continue to claim that firewall/router ACL shunning is
an effective attack prevention mechanisim? So many attacks nowadays
can be contained in a single packet which these "solutions" can't
stop. Not to mention the obvious race condition which may allow
subsequent packets to pass.
Nobody would try to sell or be willing to buy a "firewall" which
sniffs traffic and updates a router ACL, but yet this is somehow
acceptable as a protection mechanisim for malicious traffic.
WTF?
-Aaron
--
http://synfin.net
On Thu, 6 Jan 2005 14:18:10 -0600, Billy Dodson <billy@pmicromart.com> wrote:
The cisco IPS is not quite what I thought it was going to be. The IPS
is intended for use at branch offices or remote users where you would
not normally spring for a fire-walling device. The IPS is nothing more
then a IOS router with IOS firewall and the IDS engine. The IPS is just
software that runs on a cisco router. It can use around 740 signatures
from the cisco IDS to run its "prevention". It basically turns your
router into a small IDS/firewall. It will be able to create access
lists or shuns on the fly. The same as a current cisco IDS works in
conjunction with an IOS router or PIX firewall. This device is not
intended to be the first line of defense within the network.
The cisco IPS is not replacing the cisco IDS. The cisco IDS is still a
good product and can be used as a prevention device when used in
conjunction with a router or firewall. You can configure the sensor to
send commands to the router or firewall to Shun the connection or create
an access list on a router.
--------------------------------------------------------------------------
Test Your IDS
Is your IDS deployed correctly?
Find out quickly and easily by testing it with real-world attacks from
CORE IMPACT.
Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708
to learn more.
--------------------------------------------------------------------------
