Velocity Reviews

Velocity Reviews (http://www.velocityreviews.com/forums/index.php)
-   Computer Security (http://www.velocityreviews.com/forums/f38-computer-security.html)
-   -   IPS + data center (http://www.velocityreviews.com/forums/t394678-ips-data-center.html)

mikahan 01-08-2007 01:02 PM

IPS + data center
 
Hello

I mull over how installation of IPS
device can increase security of data
center where the only service are http,
https and domain.

Could someone help me in deliberations ?


regards
mikahan

Todd H. 01-08-2007 02:50 PM

Re: IPS + data center
 
mikahan <address@address.hidden> writes:

> Hello
>
> I mull over how installation of IPS
> device can increase security of data
> center where the only service are http,
> https and domain.
>
> Could someone help me in deliberations ?


Would it help to say that among the paths to intrusion most favored by
attackers are attacks against web applications?

Without IDS/IPS there's nothing alerting you to suspicious http attack
signatures, and nothing locking out the IP's of script kiddies running
scripted attacks against common web application errors.

IPS isn't a substitute for having your web applications and server
configuration pen tested though, to identify vulnerabilities.

Best Regards,
--
Todd H.
http://www.toddh.net/

Sebastian Gottschalk 01-08-2007 04:34 PM

Re: IPS + data center
 
Todd H. wrote:

> Without IDS/IPS there's nothing alerting you to suspicious http attack
> signatures, and nothing locking out the IP's of script kiddies running
> scripted attacks against common web application errors.


A wonderful example why such IPSs are stupid. The "script kiddies" will
spoof IP addresses of important hosts and your IP blocking will turn into a
Self-DoS.

Only a fool would implement automatic reactions to IDS events.

mikahan 01-09-2007 09:21 AM

Re: IPS + data center
 
Sebastian Gottschalk napisaƂ(a):
> A wonderful example why such IPSs are stupid. The "script kiddies" will
> spoof IP addresses of important hosts and your IP blocking will turn into a
> Self-DoS.
>
> Only a fool would implement automatic reactions to IDS events.


True. But I can turn off DOS blocking option for several host.
I'am convinced that IPS in corporate network will very useful but what with data
center ?

Does IPS help securing serwers agains XSS, SQL injection, buffer overflow code
sending to server ? What else ?

And the final question is: what is the sense to shell 80k$ for such device ?






Sebastian Gottschalk 01-09-2007 09:37 AM

Re: IPS + data center
 
mikahan wrote:

> Sebastian Gottschalk napisał(a):
>> A wonderful example why such IPSs are stupid. The "script kiddies" will
>> spoof IP addresses of important hosts and your IP blocking will turn into a
>> Self-DoS.
>>
>> Only a fool would implement automatic reactions to IDS events.

>
> True. But I can turn off DOS blocking option for several host.


If you turn off the part of the IPS that puts in the reaction to the
events, then you basically have an IDS.

> I'am convinced that IPS in corporate network will very useful but what with data
> center ?


An IPS is never useful. An IDS might be, depending on your scenario.

Generally, and IDS in a corporate network is indeed a very bad idea, since
it requires a lot of maintain, but provides only little security benefit.
With a data center, you requirements might be neater, which would increase
the benefit and narrow the necessary maintain.

> Does IPS help securing serwers agains XSS, SQL injection, buffer overflow code
> sending to server ? What else ?


That depends on the IPS. Even with signature-based approaches, many
implementation do not take action on the initial event, but rather only
following events matching the signature of the initial events - thus, if it
reacts, it might already be too late.

What about securing the servers themselves instead?

> And the final question is: what is the sense to shell 80k$ for such device ?


An extra filled field at buzzword bingo. And a +1 modifier (non-magic ATK)
for your favorite LART tool.


All times are GMT. The time now is 08:13 AM.

Powered by vBulletin®. Copyright ©2000 - 2014, vBulletin Solutions, Inc.
SEO by vBSEO ©2010, Crawlability, Inc.