funsec mailing list archives
RE: so, is I[dp]S a STUPID technology?
From: "Kyle Quest" <Kyle.Quest () networkengines com>
Date: Tue, 11 Oct 2005 17:01:03 -0400
If we are talking about IPS I'd like to point out one little thing... It's not just about stopping exploits, but it's also about dealing with denial of service attacks. Having an IPS that blocks denial of service attacks is definitely valuable. It can make or break an ecommerce business. This is just one reason.

Another reason... Things aren't always simple. There are times when you can't just install patches as soon as they are available. Different types of companies have different requirements for qualifying updates and patches. Sometimes it takes days. Sometimes it takes months. So what would you suggest for companies like that?

Kyle

-----Original Message-----
From: funsec-bounces () linuxbox org [mailto:funsec-bounces () linuxbox org] On Behalf Of Aviram Jenik
Sent: Tuesday, October 11, 2005 5:38 PM
To: funsec () linuxbox org
Subject: Re: [funsec] so, is I[dp]S a STUPID technology?

On Tuesday, 11 October 2005 21:50, Paul Schmehl wrote:
We're using TippingPoint at the edge, and I can assure you it's in blocking mode. It's reduced the number of attacks we were seeing by over two thirds.
[...]
some of us have to actually deal with the crap floating around in the ether
See, this is what I don't get. I can understand the bored people (sorry Gadi) who want to log and monitor who attacks them and why. I _can't_ understand the busy people who are actually protecting their network, spending their time and money on silly IDS solutions.

So you blocked 2/3 of the attacks. So what? Either those attacks were directed at vulnerabilities you have on your network, or they were futile attacks for services you have patched. If the second is true - why do you care? 0 successful attacks out of 1,000 is equivalent to 0 out of 3,000. If the first is true, how do you know there wasn't a successful attack in that 1/3 that wasn't blocked by the IDS? Surely you don't want to roll the dice with those odds.

True, no solution is perfect, but Paul - why won't you use your IDS/IPS budget, and the time you spent configuring and installing it, in running a vulnerability scanner on a regular basis (automatically, hopefully) and install a decent patch management system to make sure your systems are up to date?

I'm not trying to be argumentative - I'm seriously trying to understand the logic. I must be missing something here.

- Aviram

_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.