nanog mailing list archives

Re: recommendations regarding IPS


From: "Fergie" <fergdawg () netzero net>
Date: Sat, 1 Apr 2006 01:53:12 GMT


I sent a reply privately earlier to the original request, about my own
personal preferences, but Gadi's reply prompted me to respond
publicly. :-)

All-in-all, I find that an IDS (NFR-style) has a quite useful
utility.

Your choice of such a utility is, of course, another matter
entirely. :-)

- ferg

-- Gadi Evron <ge () linuxbox org> wrote:

Edward W. Ray wrote:
Tipping Point IPS is the gold standard these days.  Signature-based, which
annual fee to get the signatures.  Signatures are usually weekly at a
minimum.  I use the Unity 50, but they do have Gbps IPS.  All of their IPSes
are "bump-in-the-wire" which means that you do not have to assign an address
(operates at layer 2 instead of layer 3).

Not to say anything about Edward, but this thread is going to be mostly 
full of commercial injections.

Except for one network I have been in charge of, I have never found the 
need for any I[DP]S product and find them an almost complete waste of 
time and money.

        Gadi.


--
"Fergie", a.k.a. Paul Ferguson
 Engineering Architecture for the Internet
 fergdawg () netzero net or fergdawg () sbcglobal net
 ferg's tech blog: http://fergdawg.blogspot.com/

