Re: Checkpoint IPS

[Colin Johnston <colinj () gt86car org uk>]

yes, using new rules via test ips good best practice as well.


> On 6 Feb 2015, at 16:47, Darden, Patrick <Patrick.Darden () p66 com> wrote:
>
>
> Auto-Update can cause problems.  I take the stance that updates should be verified in a CERT or ISO first, before 
> being operationalized.
> --p
>
> -----Original Message-----
> From: Colin Johnston [mailto:colinj () gt86car org uk] 
> Sent: Friday, February 06, 2015 10:46 AM
> To: Darden, Patrick
> Cc: Colin Johnston; Roland Dobbins; nanog () nanog org
> Subject: [EXTERNAL]Re: Checkpoint IPS
>
> Yes, update can cause problems, same as router code updates as well.
> but update is price of progress.
>
> Col
>
> > On 6 Feb 2015, at 16:44, Darden, Patrick <Patrick.Darden () p66 com> wrote:
> >
> >
> > Sorry, didn't mean to imply otherwise.  Had an incident back in ~2004 where an IPS signature update closed ALL 
> > network traffic.  Including fix-it updates.  Definitely a case where the IPS caused major difficulties for a network.
> >
> > --p
> >
> > -----Original Message-----
> > From: Colin Johnston [mailto:colinj () gt86car org uk] 
> > Sent: Friday, February 06, 2015 10:32 AM
> > To: Darden, Patrick
> > Cc: Colin Johnston; Roland Dobbins; nanog () nanog org
> > Subject: [EXTERNAL]Re: Checkpoint IPS
> >
> > Thought I would add
> >
> > Astaro IPS works great, great functionality and does prevent ddos and exploits.
> >
> > Colin