Firewall Wizards: Re: IPS vs. Firewalls

Re: IPS vs. Firewalls

From: Mark Teicher <mht3_at_earthlink.net>
Date: Thu, 2 Feb 2006 14:51:38 -0500 (GMT-05:00)

>Phil Albacore wrote:
>>They've heard that IPS sensors can be used to block traffic, so they've got it in their heads that we don't need a firewall anymore.

I would suggest http://www.ranum.com/security/computer_security/papers/a1-firewall/index.html if you would like to save money in your IT Network Security Budget on IPS/IDS Budget line item and Firewall Budget line item.

-----Original Message-----
>From: "Marcus J. Ranum" <mjr_at_ranum.com>
>Sent: Feb 2, 2006 12:33 PM
>To: Phil Albacore <phila_at_msgsPostini01.kvh.co.jp>, firewall-wizards_at_honor.icsalabs.com
>Subject: Re: [fw-wiz] IPS vs. Firewalls
>
>Phil Albacore wrote:
>>They've heard that IPS sensors can be used to block traffic, so they've got it in their heads that we don't need a firewall anymore.
>
>I'd suggest you have them ask a few of the IPS vendors if they recommend
>using their product in that manner. Unless you're talking to the IPS vendors
>that are basically selling a firewall+signatures (like a "deep packet inspection"
>firewall) they will backpedal away from that very rapidly. Perhaps your
>path of least resistance is to tell them that you want one of the new
>generation "IPS firewalls" then you can turn off the IPS crap (which
>won't do anything except slow the firewall down, anyhow) and use the
>firewall rules. The only problem with that is that most of the IPS firewalls
>are little more than a cheesy "stateful" packet filter with a few dozen
>signatures hammered into the packet forwarder loop. I'd be being
>uncharacteristically generous if I said that they "suck" - they're not
>nearly that good.
>
>I've got to thank you for asking the question; it made me look at a few of
>the IPS vendor claims to see if many of them have the guts to say they
>replace a firewall. I particularly got a chuckle out of Intruvert's (now NAI)
>claim that they protect against encrypted attacks. I needed some yuks
>to lighten up my morning!!
>
>I quote: "McAfee IntruShield delivers comprehensive protection against
>today's constantly evolving threats, including known, zero-day, and
>encrypted attacks."
>Wow -- that does sound pretty good. I guess you don't need a firewall
>after all!!
>
>mjr.
>
>_______________________________________________
>firewall-wizards mailing list
>firewall-wizards_at_honor.icsalabs.com
>http://honor.icsalabs.com/mailman/listinfo/firewall-wizards

Received on Feb 02 2006
