[177765] in North American Network Operators' Group


Re: Checkpoint IPS

daemon@ATHENA.MIT.EDU (Roland Dobbins)
Thu Feb 5 08:38:11 2015

X-Original-To: nanog@nanog.org
From: "Roland Dobbins" <rdobbins@arbor.net>
To: nanog@nanog.org
Date: Thu, 05 Feb 2015 20:34:36 +0700
In-Reply-To: <000801d04143$57b9c0f0$072d42d0$@gmail.com>
Errors-To: nanog-bounces@nanog.org


On 5 Feb 2015, at 19:57, Terry Baranski wrote:

> I hate to be the bearer of bad news, but everything we do is 
> "artificial". There are no routers in nature, no IP packets, no fiber 
> optics. There is no such thing as "natural engineering" -- engineering 
> is "artificial" by definition.

This isn't even worthy of comment, so I won't.

> But there's no overstating the usefulness of a properly-tuned IPS for 
> attack prevention

I've never heard a plausible anecdote, much less seen meaningful 
statistics, of these devices actually 'preventing' anything.

I have, however, run into many, many situations in which these devices 
demonstrably degraded the security posture of network operators, 
particularly when placed in front of servers or broadband access 
networks.  For example, they're laughably easy to DDoS due to state 
exhaustion - which is the main point of the presentation you 
reference.

And the fact that well-known evasion techniques still work against these 
devices today, coupled with the undeniable proliferation of compromised 
hosts residing within networks supposedly 'protected' by these devices, 
militates against your proposition.

-----------------------------------
Roland Dobbins <rdobbins@arbor.net>
