[89676] in North American Network Operators' Group
Re: recommendations regarding IPS
daemon@ATHENA.MIT.EDU (Fergie)
Fri Mar 31 20:54:54 2006
From: "Fergie" <fergdawg@netzero.net>
Date: Sat, 1 Apr 2006 01:53:12 GMT
To: ge@linuxbox.org
Cc: spamjail@mmicman.com, Stefan.Hegger@lycos-europe.com,
rs@seastrom.com, nanog@merit.edu
Errors-To: owner-nanog@merit.edu
I sent a reply privately earlier to original request, about my own
personal preferences, but Gadi's reply prompted me to respond
publicly. :-)
All-in-all, I find that an IDS (NFR-style) has a quite useful
utility.
Your choice of such a utility is, of ourse, another matter
entirely. :-)
- ferg
-- Gadi Evron <ge@linuxbox.org> wrote:
Edward W. Ray wrote:
> Tipping Point IPS is the gold standard these days. Signature-based, w=
hich
> annual fee to get the signatures. Signatures are usually weekly at a
> minimum. I use the Unity 50, but they do have Gbps IPS. All of their=
IPSes
> are "bump-in-the-wire" which means that you do not have to assign an a=
ddress
> (operates at layer2 instead of layer 3). =
Not to say anything about Edward, but this thread is going to be mostly =
=
full of commercial injections.
Except for one network I have been in charge with I have never found the=
=
need for any I[DP]S product and find them an almost complete waste of =
time and money.
Gadi.
--
"Fergie", a.k.a. Paul Ferguson
Engineering Architecture for the Internet
fergdawg@netzero.net or fergdawg@sbcglobal.net
ferg's tech blog: http://fergdawg.blogspot.com/
