[177759] in North American Network Operators' Group
Re: Checkpoint IPS
daemon@ATHENA.MIT.EDU (Michael O Holstein)
Thu Feb 5 08:13:39 2015
X-Original-To: nanog@nanog.org
From: Michael O Holstein <michael.holstein@csuohio.edu>
To: "nanog@nanog.org" <nanog@nanog.org>
Date: Thu, 5 Feb 2015 13:13:26 +0000
In-Reply-To: <000801d04143$57b9c0f0$072d42d0$@gmail.com>
Errors-To: nanog-bounces@nanog.org

>> `` ‘IPS’ devices require artificially-engineered topological symmetry-
>> can have a negative impact on resiliency via path diversity.''
>
>Dang, I thought this quote was from an April 1st RFC when I first read it.
>
>I hate to be the bearer of bad news, but everything we do is "artificial".
>There are no routers in nature, no IP packets, no fiber optics. There is no
>such thing as "natural engineering" -- engineering is "artificial" by
>definition.

You're forgetting that such things are rarely read (in time) by the people that actually implement and use such a product .. that language is targeted at the pointy-haired crowd.
Salespeople *hate* it when they get a technical resource instead of a management one because "it's magic, it's artificial intelligence, etc." just doesn't fly with us.

Personally I'm of the belief that *all* IPS systems are equally worthless, unless the goal is to just check a box on a form. Sure they will give you pretty graphs of script-kiddie attempts but that's just the noise in which the skilled attack will get lost. You have to do everything else right, you can't just plug the "magic box" inline and expect to relax.

My 0.02.

Michael Holstein
Cleveland State University