IPS + data center

Discussion in 'Computer Security' started by mikahan, Jan 8, 2007.

  1. mikahan

    mikahan Guest

    Hello

    I am mulling over how installing an IPS
    device can increase the security of a data
    center where the only services are http,
    https and domain.

    Could someone help me in my deliberations?


    regards
    mikahan
    mikahan, Jan 8, 2007
    #1

  2. mikahan

    Todd H. Guest

    mikahan writes:

    > Hello
    >
    > I am mulling over how installing an IPS
    > device can increase the security of a data
    > center where the only services are http,
    > https and domain.
    >
    > Could someone help me in my deliberations?


    Would it help to say that among the paths to intrusion most favored by
    attackers are attacks against web applications?

    Without IDS/IPS there's nothing alerting you to suspicious http attack
    signatures, and nothing locking out the IPs of script kiddies running
    scripted attacks against common web application errors.

    IPS isn't a substitute for having your web applications and server
    configuration pen tested though, to identify vulnerabilities.

    Best Regards,
    --
    Todd H.
    http://www.toddh.net/
    Todd H., Jan 8, 2007
    #2

  3. Todd H. wrote:

    > Without IDS/IPS there's nothing alerting you to suspicious http attack
    > signatures, and nothing locking out the IPs of script kiddies running
    > scripted attacks against common web application errors.


    A wonderful example why such IPSs are stupid. The "script kiddies" will
    spoof IP addresses of important hosts and your IP blocking will turn into a
    Self-DoS.

    Only a fool would implement automatic reactions to IDS events.
    Sebastian Gottschalk, Jan 8, 2007
    #3
  4. mikahan

    mikahan Guest

    Sebastian Gottschalk wrote:
    > A wonderful example why such IPSs are stupid. The "script kiddies" will
    > spoof IP addresses of important hosts and your IP blocking will turn into a
    > Self-DoS.
    >
    > Only a fool would implement automatic reactions to IDS events.


    True. But I can turn off the DoS blocking option for several hosts.
    I am convinced that an IPS in a corporate network will be very useful, but what about a data
    center?

    Does an IPS help secure servers against XSS, SQL injection, and buffer overflow code
    being sent to the server? What else?

    And the final question is: what is the sense in shelling out 80k$ for such a device?
    mikahan, Jan 9, 2007
    #4
  5. mikahan wrote:

    > Sebastian Gottschalk wrote:
    >> A wonderful example why such IPSs are stupid. The "script kiddies" will
    >> spoof IP addresses of important hosts and your IP blocking will turn into a
    >> Self-DoS.
    >>
    >> Only a fool would implement automatic reactions to IDS events.

    >
    > True. But I can turn off the DoS blocking option for several hosts.


    If you turn off the part of the IPS that puts in the reaction to the
    events, then you basically have an IDS.

    > I am convinced that an IPS in a corporate network will be very useful, but what about a data
    > center?


    An IPS is never useful. An IDS might be, depending on your scenario.

    Generally, an IDS in a corporate network is indeed a very bad idea, since
    it requires a lot of maintenance but provides only little security benefit.
    With a data center, your requirements might be neater, which would increase
    the benefit and narrow the necessary maintenance.

    > Does an IPS help secure servers against XSS, SQL injection, and buffer overflow code
    > being sent to the server? What else?


    That depends on the IPS. Even with signature-based approaches, many
    implementations do not take action on the initial event, but rather only
    on following events matching the signature of the initial events - thus, if it
    reacts, it might already be too late.

    What about securing the servers themselves instead?

    > And the final question is: what is the sense in shelling out 80k$ for such a device?


    An extra filled field at buzzword bingo. And a +1 modifier (non-magic ATK)
    for your favorite LART tool.
    Sebastian Gottschalk, Jan 9, 2007
    #5
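
The trade-off argued in posts #3 to #5, as an added example that is not part of any poster's message: signature matching over web access-log lines always raises an alert, while an automatic block is considered only past a hit threshold and never for an exempted range. The signatures, threshold, exempted range and log lines are all constructed for illustration.

```python
import ipaddress
import re
from collections import Counter
from urllib.parse import unquote_plus

# Constructed signatures for two attack classes named in the thread.
SIGNATURES = {
    "sqli": re.compile(r"(?i)(\bunion\b.+\bselect\b|'\s*or\s+1=1)"),
    "xss": re.compile(r"(?i)<script\b"),
}
# Hypothetical range that must never be auto-blocked (proxies, monitoring).
PROTECTED = [ipaddress.ip_network("192.0.2.0/28")]
BLOCK_THRESHOLD = 2  # assumed: hits from one source before a block is considered
LOG_LINE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "\S+ (\S+)[^"]*"')

# Constructed access-log sample using documentation address ranges.
SAMPLE_LOG = """\
198.51.100.7 - - [09/Jan/2007:10:00:01 +0000] "GET /item?id=1%27%20OR%201=1-- HTTP/1.1" 200 512
198.51.100.7 - - [09/Jan/2007:10:00:02 +0000] "GET /search?q=%3Cscript%3Ealert(1)%3C/script%3E HTTP/1.1" 200 300
192.0.2.5 - - [09/Jan/2007:10:00:03 +0000] "GET /item?id=1%27%20OR%201=1-- HTTP/1.1" 200 512
192.0.2.5 - - [09/Jan/2007:10:00:04 +0000] "GET /search?q=%3Cscript%3Ex%3C/script%3E HTTP/1.1" 200 300
203.0.113.9 - - [09/Jan/2007:10:00:05 +0000] "GET /item?id=1+UNION+SELECT+name+FROM+users HTTP/1.1" 200 512
203.0.113.20 - - [09/Jan/2007:10:00:06 +0000] "GET /index.html HTTP/1.1" 200 1024
"""

def scan(log_text):
    """Return (alerts, hits): matched (source, signature) events and per-source counts."""
    alerts, hits = [], Counter()
    for line in log_text.splitlines():
        m = LOG_LINE.match(line)
        if not m:
            continue
        src, target = m.group(1), unquote_plus(m.group(2))  # decode before matching
        for name, sig in SIGNATURES.items():
            if sig.search(target):
                alerts.append((src, name))
                hits[src] += 1
    return alerts, hits

def decide(hits):
    """Map each alerting source to 'block', 'alert' or 'alert-protected'."""
    actions = {}
    for src, n in hits.items():
        addr = ipaddress.ip_address(src)
        if any(addr in net for net in PROTECTED):
            actions[src] = "alert-protected"  # exempt: logged, never auto-blocked
        else:
            actions[src] = "block" if n >= BLOCK_THRESHOLD else "alert"
    return actions
```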