[177839] in North American Network Operators' Group
Re: Checkpoint IPS
daemon@ATHENA.MIT.EDU (Colin Johnston)
Fri Feb 6 11:53:44 2015
X-Original-To: nanog@nanog.org
From: Colin Johnston <colinj@gt86car.org.uk>
In-Reply-To: <c4e4a844614c466fa0bf1b7fb4458485@BRTEXMB02.phillips66.net>
Date: Fri, 6 Feb 2015 16:49:09 +0000
To: "Darden, Patrick" <Patrick.Darden@p66.com>
Cc: "nanog@nanog.org" <nanog@nanog.org>
Errors-To: nanog-bounces@nanog.org
yes, using new rules via test ips good best practice as well.
> On 6 Feb 2015, at 16:47, Darden, Patrick <Patrick.Darden@p66.com> =
wrote:
>=20
>=20
> Auto-Update can cause problems. I take the stance that updates should =
be verified in a CERT or ISO first, before being operationalized.
> --p
>=20
> -----Original Message-----
> From: Colin Johnston [mailto:colinj@gt86car.org.uk]=20
> Sent: Friday, February 06, 2015 10:46 AM
> To: Darden, Patrick
> Cc: Colin Johnston; Roland Dobbins; nanog@nanog.org
> Subject: [EXTERNAL]Re: Checkpoint IPS
>=20
> Yes, update can cause problems, same as router code updates as well.
> but update is price of progress.
>=20
> Col
>=20
>> On 6 Feb 2015, at 16:44, Darden, Patrick <Patrick.Darden@p66.com> =
wrote:
>>=20
>>=20
>> Sorry, didn't mean to imply otherwise. Had an incident back in ~2004 =
where an IPS signature update closed ALL network traffic. Including =
fix-it updates. Definitely a case where the IPS caused major =
difficulties for a network.
>>=20
>> --p
>>=20
>> -----Original Message-----
>> From: Colin Johnston [mailto:colinj@gt86car.org.uk]=20
>> Sent: Friday, February 06, 2015 10:32 AM
>> To: Darden, Patrick
>> Cc: Colin Johnston; Roland Dobbins; nanog@nanog.org
>> Subject: [EXTERNAL]Re: Checkpoint IPS
>>=20
>> Thought I would add
>>=20
>> Astaro IPS works great, great functionality and does prevent ddos and =
exploits.
>>=20
>> Colin
>>=20
>=20
