Firewall Wizards mailing list archives

Re: IPS vs. Firewalls
From: ArkanoiD <ark () eltex net>
Date: Thu, 2 Feb 2006 19:00:08 +0300


IPS can be (and are being) successfully evaded by fragmentation attacks.
Even worse, the signature-based approach is flawed anyway. Internet protocol
security relies on managing data flow, not on trying to find "attacks" in it.
There are a zillion ways to do bad things and no IPS can handle them.

(I'd even say that anyone who seriously claims that an IPS can replace a firewall
is a stupid moron with a lack of understanding of even security basics, and if
those people are allowed to make technical decisions your company has damn
big management problems)

On Mon, Dec 26, 2005 at 04:39:51PM +0900, Phil Albacore wrote:
Long time listener, first time poster...

Some of the managers at my company are pushing to get rid of our firewall in exchange for IPS devices. They've heard 
that IPS sensors can be used to block traffic, so they've got it in their heads that we don't need a firewall 
anymore. I'm wondering if anyone on this list can give me a few salient points that can be used to rebuke this 


The one point that springs to mind immediately is that a firewall is (hopefully) a default deny device while an IPS 
is a default allow device. Putting aside that IPS and firewalls operate at different layers and so block based on 
different parameters, a default deny device is more likely to block 0 day attacks. Do you all agree with this 
statement and do you have any others that typical management can understand? 



Thanks for your help,

Phil A.
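The default-deny versus default-allow contrast from Phil's question, and the fragment-splitting evasion ArkanoiD mentions, modelled in a constructed Python example added here (it is not code from either poster); the ports, payloads and the signature string are assumptions:

```python
"""Toy model of the thread's argument: a default-deny firewall and a
default-allow signature IPS answer different questions, so one cannot
stand in for the other. Flows and signatures are constructed."""
from dataclasses import dataclass


@dataclass
class Flow:
    name: str
    dst_port: int
    fragments: list  # payload as the fragments it arrived in


ALLOWED_PORTS = {80, 443}              # firewall allowlist (default deny)
SIGNATURES = [b"EXAMPLE-BAD-PATTERN"]  # constructed IPS signature list (default allow)


def firewall_verdict(flow: Flow) -> str:
    """Default deny: only explicitly allowed ports pass; payload is not inspected."""
    return "allow" if flow.dst_port in ALLOWED_PORTS else "deny"


def ips_verdict(flow: Flow, reassemble: bool) -> str:
    """Default allow: traffic passes unless a signature matches.
    reassemble=False inspects each fragment on its own, which is how a
    pattern split across fragments slips past a naive matcher."""
    units = [b"".join(flow.fragments)] if reassemble else flow.fragments
    for unit in units:
        if any(sig in unit for sig in SIGNATURES):
            return "deny"
    return "allow"


# Constructed sample traffic.
FLOWS = [
    Flow("web", 80, [b"GET / HTTP/1.1\r\n"]),
    Flow("known-bad-one-packet", 80, [b"EXAMPLE-BAD-PATTERN"]),
    Flow("known-bad-fragmented", 80, [b"EXAMPLE-BAD", b"-PATTERN"]),
    Flow("unknown-service-0day", 4444, [b"novel payload with no signature yet"]),
]


def verdicts(flows=FLOWS) -> dict:
    """name -> (firewall, ips per-fragment, ips reassembled)."""
    return {f.name: (firewall_verdict(f), ips_verdict(f, False), ips_verdict(f, True))
            for f in flows}


if __name__ == "__main__":
    for name, (fw, frag, reasm) in verdicts().items():
        print(f"{name:22} firewall={fw:5} ips/fragment={frag:5} ips/reassembled={reasm}")
```

The unknown-service flow is stopped only by the default-deny policy, while the signature match on an allowed port is stopped only by the IPS, and only once it reassembles fragments.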

firewall-wizards mailing list
firewall-wizards () honor icsalabs com
