From: leonardodiserpierodavinci on 22 Jan 2008 02:55

On Jan 21, 7:29 pm, "Sebastian G." <se...(a)seppig.de> wrote:
> No, because of spoofing. Consider that an IPS blocks automatically every
> host that seems to attack them. Now, as an attacker, I'd spoof all relevant
> legitimate hosts, and the IPS would block access to them - a wonderful
> Denial of Service, trademark "self-created". Without a whitelist, you'll
> even disconnect yourself from your very own hosts, f.e. a DNS server.

Well, a decent IDS/IPS is supposed to be smarter than that ;-)

> Dump the idea of an IPS for the mentioned reasons. Carefully calculate the
> actual costs of sensibly reading and evaluating the IDS output, and compare
> it to the marginal security benefits it offers - and most likely you'll end
> up dumping the IDS as well.

So how do you protect your network (and ensure it stays protected)?

From: Sebastian G. on 22 Jan 2008 07:38

leonardodiserpierodavinci(a)gmail.com wrote:
> On Jan 21, 7:29 pm, "Sebastian G." <se...(a)seppig.de> wrote:
>> No, because of spoofing. Consider that an IPS blocks automatically every
>> host that seems to attack them. Now, as an attacker, I'd spoof all relevant
>> legitimate hosts, and the IPS would block access to them - a wonderful
>> Denial of Service, trademark "self-created". Without a whitelist, you'll
>> even disconnect yourself from your very own hosts, f.e. a DNS server.
>
> Well, a decent IDS/IPS is supposed to be smarter than that ;-)

Spoofing is not just limited to hosts, and you can't create any general whitelist, so "smartness" (whatever this is, since AI isn't developed so far) won't help.

> So how do you protect your network (and ensure it stays protected)?

Host security and firewalling?

From: leonardodiserpierodavinci on 22 Jan 2008 09:02

On Jan 22, 1:38 pm, "Sebastian G." <se...(a)seppig.de> wrote:
> Host security and firewalling?

Of course, these are the basis. So you suggest to avoid IDS/IPS. Is there any other security layer that can be added?

From: Sebastian G. on 22 Jan 2008 12:35

leonardodiserpierodavinci(a)gmail.com wrote:
> On Jan 22, 1:38 pm, "Sebastian G." <se...(a)seppig.de> wrote:
>
>> Host security and firewalling?
>
> Of course, these are the basis. So you suggest to avoid IDS/IPS. Is
> there any other security layer that can be added?

Strong encryption and authentication. Access control for the network, f.e. via IEEE 802.11X, RADIUS etc.