Re: IPS, alternative solutions

["Alex Butcher, ISC/ISYS" <Alex.Butcher () bristol ac uk>]

--On 14 September 2004 10:01 +0000 Daniel <deeper () gmail com> wrote:

> So far there has been a load of talk discussing which is the better
> technology. Personally i dont think IPS is ready for the big time. Yeah
> its great for small mum and dad networks, but for large financial
> networks with billions of pounds flowing across them, would you trust a
> technology to think and block what it seems as bad traffic?

Certainly that's a risk with limited-accuracy signatures that are 
commonplace today.

> So what are the alternatives?
>
> I'd say more host based protection such as:
>
> - Stack protection
>
> - Application level firewalls (ModSecurity/SecureIIS)

These two technologies are often included in Host IPS products.

> - Host based firewalls

Useful, but won't help in isolation (e.g. user receives a 0-day worm via a 
email attachment to their hotmail account and runs it; or, loads a 
malicious JPG image with an application that's vulnerable to MS04-28)

Best Regards,
Alex.
--
Alex Butcher: Security & Integrity, Personal Computer Systems Group
Information Systems and Computing             GPG Key ID: F9B27DC9
GPG Fingerprint: D62A DD83 A0B8 D174 49C4 2849 832D 6C72 F9B2 7DC9



--------------------------------------------------------------------------
Test Your IDS

Is your IDS deployed correctly?
Find out quickly and easily by testing it with real-world attacks from CORE IMPACT.
Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708 to learn more.
--------------------------------------------------------------------------