Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security FullDisclosure
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

RE: [Full-disclosure] Suggestion for IDS

from [Jan Nielsen] Network Security [Permanent Link]
Subject: RE: [Full-disclosure] Suggestion for IDS
Date: Wed, 28 Sep 2005 18:49:32 +0200 
Hi Pauk

Can i ask what you were doing that a pix could not handle nat wise ?
just wondering since I have done very extensive and complex nat'ing in
pix'es from 506's up to 535's without any performance problems.

Jan

-----Original Message-----
From: Paul Schmehl [mailto:pauls@utdallas.edu] 
Sent: 28. september 2005 17:49
To: full-disclosure@lists.grok.org.uk
Subject: Re: [Full-disclosure] Suggestion for IDS 

--On Wednesday, September 28, 2005 11:37:38 -0400
Valdis.Kletnieks@vt.edu 
wrote:


On Wed, 28 Sep 2005 07:01:34 EDT, "J. Oquendo" said:


While I do agree with the statement made "Quite frankly, anybody who
already has a PIX installed and wants to install an IPS needs to

quantify

*exactly* what protection the PIX is failing to provide before they

go

shopping for anything" to a degree, I also disagree with that

statement

since it eludes to the thinking that solely a PIX will save your ass.

It

won't, nor will any other firewall, nor will any other product

combined

with any OTHER product and so on.


Obviously, the original poster isn't thinking that a PIX will save

their

ass, because they're in the market for something in addition :)

They should be figuring out *why* they need more protection (quite
frankly, for many places, a *properly configured and maintained* PIX

is

quite sufficient),


Not only was the PIX (for us) not sufficient, it wasn't robust enough. 
We're ditching our PIXes for OpenBSD and pf.

If you NAT a lot, PIX can't handle the load.  It also isn't flexible
enough.

Paul Schmehl (pauls@utdallas.edu)
Adjunct Information Security Officer
University of Texas at Dallas
AVIEN Founding Member
http://www.utdallas.edu/ir/security/
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: [Full-disclosure] Suggestion for IDS, Michael Holstein
Next by Date:  Re: [Full-Disclosure] (no subject) cpshost.dll, Vitor Ventura
Previous by Thread:  Re: [Full-disclosure] Suggestion for IDS, Michael Holstein
Next by Thread:  RE: [Full-disclosure] Suggestion for IDS, Paul Schmehl
Indexes:  [Date] [Thread] [Top] [All Lists]