Firewall Wizards: Re: IPS vs. Firewalls

Nmap Security Scanner

Intro

Ref Guide

Install Guide

Download

Changelog

Book

Docs
Security Lists

Bugtraq

Basics

More
Security Tools

More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

Firewall Wizards mailing list archives

Re: IPS vs. Firewalls

From: Gabriele Buratti <gabriele.buratti () netasq com>
Date: Fri, 03 Feb 2006 14:29:14 +0100

ArkanoiD wrote:

(I'd even say that anyone who seriously claim that IPS can replace firewall
is stupid moron with lack of understanding even security basics, and if
those people are allowed to make technical decisions your company has damn
big management problems)


I agree, but something must be added.

A pure IPS can't replace a firewall if it's doing just applicationprotocol analisys/control. You still need policies. A IPS-firewall(stateful inspection + policy + layer7 inspection) can replace andsometimes do better than a firewall (stateful inspection + policy)



        regards
        Gabriele

Attachment: gabriele.buratti.vcf
Description:

By Date By Thread

Current thread:

Re: IPS vs. Firewalls, (continued)
- Re: IPS vs. Firewalls ArkanoiD (Feb 02)
  - Management vs. IT staff (was: Re: IPS vs. Firewalls) Patrick M. Hausen (Feb 02)
    - Re: Management vs. IT staff (was: Re: IPS vs. Firewalls) ArkanoiD (Feb 03)
  - Re: IPS vs. Firewalls Kevin (Feb 02)
    - RE: IPS vs. Firewalls Paul Melson (Feb 07)
  - Re: IPS vs. Firewalls Gabriele Buratti (Feb 03)
- Message not available
  - Re: IPS vs. Firewalls Marcus J. Ranum (Feb 02)
    - Re: IPS vs. Firewalls (why vs. ?) Gabriele Buratti (Feb 03)
    - Re: IPS vs. Firewalls (why vs. ?) Marcus J. Ranum (Feb 07)
    - Re: IPS vs. Firewalls (why vs. ?) Dave Piscitello (Feb 07)
    - Re: IPS vs. Firewalls (why vs. ?) Gabriele Buratti (Feb 07)