This worked for me:
1 - Sarbanes-Oxley - Management suddenly becomes attentive at this word
2 - Honeypot protected by IPS
3 - White Hacking/Probing "consultants" for the IPS honeypot.
It is called the cost opportunity. How much are you willing to spend
(considered as a loss) to gain (protect) assets (value).
If you cannot convince management to go the way you want and feel
comfortable with, my suggestion is to change the company because it's
going to bite you in the back-firewall :-) at the end!
My2PlasticCents
Julian
On 2/2/06, Mark Teicher <mht3_at_earthlink.net> wrote:
> >Phil Albacore wrote:
> >>They've heard that IPS sensors can be used to block traffic, so they've got it in their heads that we don't need a firewall anymore.
>
>
> I would suggest http://www.ranum.com/security/computer_security/papers/a1-firewall/index.html if you would like to save money in your IT Network Security Budget on IPS/IDS Budget line item and Firewall Budget line item.
>
>
> -----Original Message-----
> >From: "Marcus J. Ranum" <mjr_at_ranum.com>
> >Sent: Feb 2, 2006 12:33 PM
> >To: Phil Albacore <phila_at_msgsPostini01.kvh.co.jp>, firewall-wizards_at_honor.icsalabs.com
> >Subject: Re: [fw-wiz] IPS vs. Firewalls
> >
> >Phil Albacore wrote:
> >>They've heard that IPS sensors can be used to block traffic, so they've got it in their heads that we don't need a firewall anymore.
> >
> >I'd suggest you have them ask a few of the IPS vendors if they recommend
> >using their product in that manner. Unless you're talking to the IPS vendors
> >that are basically selling a firewall+signatures (like a "deep packet inspection"
> >firewall) they will backpedal away from that very rapidly. Perhaps your
> >path of least resistance is to tell them that you want one of the new
> >generation "IPS firewalls" then you can turn off the IPS crap (which
> >won't do anything except slow the firewall down, anyhow) and use the
> >firewall rules. The only problem with that is that most of the IPS firewalls
> >are little more than a cheesy "stateful" packet filter with a few dozen
> >signatures hammered into the packet forwarder loop. I'd be being
> >uncharacteristically generous if I said that they "suck" - they're not
> >nearly that good.
> >
> >I've got to thank you for asking the question; it made me look at a few of
> >the IPS vendor claims to see if many of them have the guts to say they
> >replace a firewall. I particularly got a chuckle out of Intruvert's (now NAI)
> >claim that they protect against encrypted attacks. I needed some yuks
> >to lighten up my morning!!
> >
> >I quote: " McAfee IntruShield delivers comprehensive protection against
> >today's constantly evolving threats, including known, zero-day, and
> >encrypted attacks."
> >Wow -- that does sound pretty good. I guess you don't need a firewall
> >after all!!
> >
> >mjr.
> >
> >_______________________________________________
> >firewall-wizards mailing list
> >firewall-wizards_at_honor.icsalabs.com
> >http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
>
Received on Feb 03 2006