[177764] in North American Network Operators' Group
RE: Re: Checkpoint IPS
daemon@ATHENA.MIT.EDU (Darden, Patrick)
Thu Feb 5 08:35:09 2015
X-Original-To: nanog@nanog.org
From: "Darden, Patrick" <Patrick.Darden@p66.com>
To: Roland Dobbins <rdobbins@arbor.net>, "nanog@nanog.org" <nanog@nanog.org>
Date: Thu, 5 Feb 2015 13:30:11 +0000
In-Reply-To: <C017DC9A-C4E7-432F-B3D3-2641441FA04C@arbor.net>
Errors-To: nanog-bounces@nanog.org
" Securing hosts/applications/services themselves is the way to protect the=
m from compromise."
Can't go wrong with defense in depth. I'd definitely throw securing router=
s in there, throw in firewalls, periodic internal scanning for idiot mistak=
es, audits, etc.
I still think IPS/IDSes can be wielded to good effect in several different =
scenarios--e.g. just before the core switch (or spanning the core switch) o=
f a PCN network, alerting to anything going on intra vs. inter.
--p
-----Original Message-----
From: NANOG [mailto:nanog-bounces@nanog.org] On Behalf Of Roland Dobbins
Sent: Thursday, February 05, 2015 7:20 AM
To: nanog@nanog.org
Subject: [EXTERNAL]Re: Checkpoint IPS
On 5 Feb 2015, at 20:13, Michael O Holstein wrote:
> Personally I'm of the belief that *all* IPS systems are equally=20
> worthless, unless the goal is to just check a box on a form.
Concur 100%.
Securing hosts/applications/services themselves is the way to protect them =
from compromise.
-----------------------------------
Roland Dobbins <rdobbins@arbor.net>
