Posted by Sebastian Gottschalk on January 9, 2007, 4:37 am
mikahan wrote:
> Sebastian Gottschalk wrote:
>> A wonderful example why such IPSs are stupid. The "script kiddies" will
>> spoof IP addresses of important hosts and your IP blocking will turn into a
>> Self-DoS.
>>
>> Only a fool would implement automatic reactions to IDS events.
>
> True. But I can turn off the DoS blocking option for several hosts.
If you turn off the part of the IPS that puts in the reaction to the
events, then you basically have an IDS.
> I'm convinced that an IPS in a corporate network will be very useful, but what about
> a data center?
An IPS is never useful. An IDS might be, depending on your scenario.
Generally, an IDS in a corporate network is indeed a very bad idea, since
it requires a lot of maintenance, but provides only little security benefit.
With a data center, your requirements might be neater, which would increase
the benefit and narrow the necessary maintenance.
> Does an IPS help secure servers against XSS, SQL injection, buffer overflow code
> sent to the server? What else?
That depends on the IPS. Even with signature-based approaches, many
implementations do not take action on the initial event, but rather only
following events matching the signature of the initial events - thus, if it
reacts, it might already be too late.
What about securing the servers themselves instead?
> And the final question is: what is the sense in shelling out 80k$ for such a device?
An extra filled field at buzzword bingo. And a +1 modifier (non-magic ATK)
for your favorite LART tool.