IDS mailing list archives

RE: How to choose an IDS/FW MSS provider


From: "Chris Harrington" <charrington () nitrosecurity com>
Date: Tue, 15 Mar 2005 23:26:05 -0500


-----Original Message-----
From: Adam Powers [mailto:apowers () lancope com]
 
> Besides, the device still needs an IP on the local network for management.
> Sounds like security through obscurity to me.

You do not need an IP address to manage an IPS. You just have to route the
management traffic through the IPS if you want to do in band management.
Telco equipment has been doing this sort of thing for a while. There are
instances where a management interface with an IP makes sense but it is not
required.

> With the obvious success of IPS technologies at the perimeter, I find it
> hard to believe that IPS and FW technologies will remain disparate
> technologies for more than a few more years. The IPS vendors need to do one
> of two things:
>
> 1. Find a good firewall vendor to acquire them or
> 2. Build a full featured firewall from scratch.

I think you're looking in the wrong direction strategically. IPS at the edge
devices (i.e. switch ports) is the next frontier. Protecting the core from
the distribution layer and workstations from other workstations is next. You
already have some IPS vendors rushing in this direction. IPS at the network
perimeter is old hat by now. There may be some more convergence down the
road in the FW / IPS space but I don’t see much more.


--Chris


Christopher Harrington, CISSP
Director, Nitro Threat Analysis Center
nitrosecurity
o: 603.766.8160 x25
c: 603.969.0592
e: charrington () nitrosecurity com
w: www.nitrosecurity.com
Skype: chrisharrington


