nanog mailing list archives
Re: Checkpoint IPS
From: Michael Hallgren <m.hallgren () free fr>
Date: Thu, 05 Feb 2015 15:11:52 +0100
Le 05/02/2015 14:28, Terry Baranski a écrit :
On 5 Feb 2015, at 08:13, Michael Hallgren wrote:Sure they will give you pretty graphs of script-kiddie attempts but that's just the noise in which the skilled attack will get lost.
No, Terry, I didn't write that ! :-) Cheers, mh
Sorry but this is not even in the neighborhood of what a properly-implemented IPS does. I can certainly see why you think they're worthless though. :-) -Terry -----Original Message----- From: NANOG [mailto:nanog-bounces () nanog org] On Behalf Of Michael O Holstein Sent: Thursday, February 05, 2015 8:13 AM To: nanog () nanog org Subject: Re: Checkpoint IPS`` 'IPS' devices require artificially-engineered topological symmetry- can have a negative impact on resiliency via path diversity.''Dang, I thought this quote was from an April 1st RFC when I first read it. I hate to be the bearer of bad news, but everything we do is "artificial". There are no routers in nature, no IP packets, no fiber optics. There is no such thing as "natural engineering" -- engineering is "artificial" by definition.You're forgetting that such things are rarely read (in time) by the people that actually implement and use such a product .. that language is targeted at the pointy-haired crowd. Salespeople *hate* it when they get a technical resource instead of a management one because "it's magic, it's artificial intelligence, etc." just doesn't fly with us. Personally I'm of the belief that *all* IPS systems are equally worthless, unless the goal is to just check a box on a form. Sure they will give you pretty graphs of script-kiddie attempts but that's just the noise in which the skilled attack will get lost. You have to do everything else right, you can't just plug the "magic box" inline and expect to relax. My 0.02. Michael Holstein Cleveland State University 2=
Current thread:
- Re: Checkpoint IPS, (continued)
- Re: Checkpoint IPS Valdis . Kletnieks (Feb 05)
- Re: Checkpoint IPS Roland Dobbins (Feb 04)
- Re: Checkpoint IPS Michael Hallgren (Feb 04)
- RE: Checkpoint IPS Terry Baranski (Feb 05)
- Re: Checkpoint IPS Michael O Holstein (Feb 05)
- Re: Checkpoint IPS Roland Dobbins (Feb 05)
- RE: Re: Checkpoint IPS Darden, Patrick (Feb 05)
- Re: Checkpoint IPS Skeeve Stevens (Feb 05)
- RE: Checkpoint IPS Darden, Patrick (Feb 05)
- RE: Checkpoint IPS Terry Baranski (Feb 05)
- Re: Checkpoint IPS Michael Hallgren (Feb 05)
- Re: Checkpoint IPS Michael Hallgren (Feb 04)
- Re: Checkpoint IPS jim deleskie (Feb 05)
- Re: Checkpoint IPS Michael Hallgren (Feb 05)
- Re: Checkpoint IPS Nick Hilliard (Feb 05)
- Re: Checkpoint IPS Roland Dobbins (Feb 05)
- Re: Checkpoint IPS Terry Baranski (Feb 05)
- Re: Checkpoint IPS Valdis . Kletnieks (Feb 05)
- Re: Checkpoint IPS Terry Baranski (Feb 05)
- Re: Checkpoint IPS Roland Dobbins (Feb 05)
- RE: Checkpoint IPS Terry Baranski (Feb 05)
- Re: Checkpoint IPS Roland Dobbins (Feb 05)