[89678] in North American Network Operators' Group
Re: recommendations regarding IPS
daemon@ATHENA.MIT.EDU (Fergie)
Fri Mar 31 21:08:27 2006
From: "Fergie" <fergdawg@netzero.net>
Date: Sat, 1 Apr 2006 02:07:09 GMT
To: ge@linuxbox.org
Cc: nanog@merit.edu
Errors-To: owner-nanog@merit.edu
Very. That (several sensors), and honeypots. You need to have
tiered security posture... an IDS is not an 'end-all-be all'
sort of thing -- it's just another tool.
Personal experience and opinion, of course. :-)
$.02,
- ferg
ps. I don't believe in 'self-defending' IPS autocracy stuff;
you usually end up sepnding more time clearing auto traps as you
do setting them up. :-)
-- Gadi Evron <ge@linuxbox.org> wrote:
Fergie wrote:
Hi Ferg, :)
> All-in-all, I find that an IDS (NFR-style) has a quite useful
> utility.
How is it useful for your network?
--
"Fergie", a.k.a. Paul Ferguson
Engineering Architecture for the Internet
fergdawg@netzero.net or fergdawg@sbcglobal.net
ferg's tech blog: http://fergdawg.blogspot.com/
