Security Basics mailing list archives

Re: Checkpoint smart defance as IPS

From: John Bond <john.r.bond () gmail com>
Date: Fri, 28 May 2010 09:45:28 +0100

On Thu, May 27, 2010 at 9:50 PM,  <mzcohen2682 () aim com> wrote:

Hi list friends !!!
the client has checkpoint
smart defance

As you say smart defense i will assume they are not using R70, IPS
(found in R70) which was previously called smartdefense is a much
better

module installed on his FW but I guess that this module is not
enough because 1. one cant write signatures

You can't write signatures your self, however checkpoint do release
updates quite regularly

2. the clients uses SSL on his
web site so the IPS cant see the attack.
AM I WRONG?? .

I would say this is were the lines between IPS and web application
Firewall tends to get blued.  personally  I would say that an IPS
system does not need to really worry about ssl connections.  Let your
IPS system focus on layers 2-4.  If you are worried about web
applications i.e. SQL injection, XSS etc then get a web application
firewall as well.  These are purely focused on the task and are much
more configurable than an IPS system that has the ability to inspect
SSL traffic

I think that the
client needs to buy a real IPS

personally i am not a big fan of smartdefense.  It brings up a lot of
false positives and it is difficult to customise and tweak so more
often than not protection is switched of.  IPS found in r70 resolves
some of these issues

which IPS you recommend for doing the task?

mod_security on Apache is a pretty good web application firewall.  The
company that produce mod_security also make a hardwere appliance
called breach which seems ok.  however i have not had much experience
with other commercial offerings

------------------------------------------------------------------------
Securing Apache Web Server with thawte Digital Certificate
In this guide we examine the importance of Apache-SSL and who needs an SSL certificate.  We look at how SSL works, how 
it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, 
install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are 
highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates.

http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1
------------------------------------------------------------------------

Current thread:

Checkpoint smart defance as IPS mzcohen2682 (May 27)
- Re: Checkpoint smart defance as IPS Francois Yang (May 28)
- RE: Checkpoint smart defance as IPS Erik Ilves (May 28)
- RE: Checkpoint smart defance as IPS Boyd, Chad (May 28)
  - Re: Checkpoint smart defance as IPS mzcohen2682 (May 28)
- Message not available
  - Re: Checkpoint smart defance as IPS mzcohen2682 (May 28)
- Re: Checkpoint smart defance as IPS John Bond (May 28)
- Message not available
  - Re: Checkpoint smart defance as IPS mzcohen2682 (May 28)
- Message not available
  - Re: Checkpoint smart defance as IPS mzcohen2682 (May 28)
- Re: Checkpoint smart defance as IPS Laurens Vets (May 28)
  - Re: Checkpoint smart defance as IPS mzcohen2682 (May 28)
    - Re: Checkpoint smart defance as IPS Laurens Vets (May 28)
    - Re: Checkpoint smart defance as IPS Trevor Alexander (May 28)
    - RE: Checkpoint smart defance as IPS Bretten, Andrew P (May 28)
    - RE: Checkpoint smart defance as IPS Craig S. Wright (May 31)
    - Re: Checkpoint smart defance as IPS Trevor Alexander (May 31)
    - RE: Checkpoint smart defance as IPS Craig S. Wright (May 31)

(Thread continues...)