Penetration Testing mailing list archives
Re: IPS arguments
From: arvind doraiswamy <arvind.doraiswamy () gmail com>
Date: Thu, 19 Feb 2009 08:44:54 +0530
A firewall is only going to block or allow traffic on specific ports from specific (hopefully) IP addresses. Endpoint Protection is basically similar to an antivirus installed on multiple desktops, so it's going to prevent known viruses/malware/trojans from executing on the desktop machines; probably servers too if it's installed there as well. Neither of these is going to:

a) Monitor suspicious traffic on known ports. Say for a web app running on 80 or 443 attacked using SQL injection .. or your webmail interface or for that matter any service which is exposed to the outside world

b) If there are techies to look at and analyze traffic logs, you won't be aware of any new attacks/attempts at attacks at all from the outside world. If you have an IDS/IPS it's usually updated with new signatures for the same, and you can also tune it based on traffic patterns as well (anomaly-based IDS).

In the end though it's dependent on what data your client is trying to protect and what other limitations they have. If for example no one's ever going to look at IDS logs it will become another box in a week = a waste of money.

Cheers
Arvind

On Sat, Feb 14, 2009 at 8:04 PM, Hugo Vinicius Garcia Razera <hviniciusg () gmail com> wrote:
Hello Gentlemen,

I finished a penetration test for a client about a month ago. The company I worked for used some practices that I don't agree with. That's one of the reasons I resigned. Anyway, they managed to sell the audited company a CISCO IPS using the results of the pen test.

Well, the thing is that the CIO of that company is refusing to install the IPS on their network, even after his company has already put in a buy order for the equipment and said IPS is now in their building, but he refuses to install such equipment, arguing that it is totally unnecessary because they already have a Microsoft ISA Server firewall in place, and Symantec Endpoint Protection on the client machines.

Can anyone point me to why they need an IPS?

The old company I worked for wants me to penetrate their network, to prove to them they need an IPS. This time I'm thinking of deploying an old Trojan I coded, but I would like to have more compelling arguments on why someone needs an IPS.

Thanks for the time replying to my questions,
Hugo
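The contrast in point (a) of the reply, as an added example that is not part of the original thread: a port/IP filter passes every request sent to the web port, while a content signature flags the SQL injection attempts among them. The addresses, request lines and the two regex signatures are constructed for illustration and are far narrower than a real IDS/IPS rule set.

```python
import re
from urllib.parse import unquote_plus

# What a packet-filtering firewall decides on: source IP and destination port.
# All values below are constructed for this example.
ALLOWED_PORTS = {80, 443}
BLOCKED_SOURCES = {"203.0.113.66"}

# Two illustrative content signatures (assumption: simplified on purpose).
SIGNATURES = {
    "sqli-tautology": re.compile(r"'\s*or\s+'?\d+'?\s*=\s*'?\d+", re.I),
    "sqli-union-select": re.compile(r"\bunion\b.+\bselect\b", re.I),
}

def firewall_allows(src_ip, dst_port):
    """Port/IP decision only; the payload is never inspected."""
    return src_ip not in BLOCKED_SOURCES and dst_port in ALLOWED_PORTS

def ids_alerts(request_line):
    """Return names of signatures matching the URL-decoded request line."""
    decoded = unquote_plus(request_line)  # decode %27, '+', etc. before matching
    return sorted(name for name, rx in SIGNATURES.items() if rx.search(decoded))

# Constructed sample traffic: (source IP, destination port, HTTP request line).
SAMPLE = [
    ("198.51.100.7", 80, "GET /products?id=42 HTTP/1.1"),
    ("198.51.100.9", 80, "GET /products?id=42%27+OR+%271%27%3D%271 HTTP/1.1"),
    ("198.51.100.9", 80,
     "GET /products?id=42+UNION+SELECT+name,pw+FROM+users HTTP/1.1"),
    ("198.51.100.9", 3389, ""),  # non-web port: the firewall's job
]

def evaluate(events):
    """Return (src, port, firewall_allowed, ids_alert_names) per event."""
    results = []
    for src, port, line in events:
        allowed = firewall_allows(src, port)
        # The IDS only sees what the firewall let through.
        alerts = ids_alerts(line) if allowed else []
        results.append((src, port, allowed, alerts))
    return results

if __name__ == "__main__":
    for src, port, allowed, alerts in evaluate(SAMPLE):
        verdict = "ALLOW" if allowed else "DENY"
        print(f"{src}:{port} firewall={verdict} ids_alerts={alerts}")
```

The alerts are only useful if someone reviews them, which is the caveat the reply ends on.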