Checkpoint IPS

Darden, Patrick Patrick.Darden at p66.com
Thu Feb 5 13:25:59 UTC 2015


Like most tools, IPSes are only as good as the people using them.

+10  "you can't just plug the "magic box" inline and expect to relax"

IPSes can't replace a well-administered modern firewall, with default deny, well-defined protocols with sanity checking, etc.  But imho they can help--e.g. with an internal well-protected network that shouldn't even be able to be attacked, but some dude picked up a USB key in the parking lot and plugged it into his PC to see what was on it.  No firewall will help with this--but an IDS/IPS will.

And no box is magic (another +10), despite the marketing droids' nebulous talk of clouds and AI and harnessing the power of the nuclear-nano-crowd-source.  They all need active attention by knowledgeable and intelligent people.

--p

-----Original Message-----
From: NANOG [mailto:nanog-bounces at nanog.org] On Behalf Of Michael O Holstein
Sent: Thursday, February 05, 2015 7:13 AM
To: nanog at nanog.org
Subject: [EXTERNAL]Re: Checkpoint IPS
<clip>
Personally I'm of the belief that *all* IPS systems are equally worthless, unless the goal is to just check a box on a form. Sure they will give you pretty graphs of script-kiddie attempts but that's just the noise in which the skilled attack will get lost. You have to do everything else right, you can't just plug the "magic box" inline and expect to relax.
<clip>
Michael Holstein
Cleveland State University