IPS + data center

I am mulling over how installation of an IPS
device can increase the security of a data
center where the only services are http,
https and domain.

Could someone help me in my deliberations?


Re: IPS + data center

Would it help to say that among the paths to intrusion most favored by
attackers are attacks against web applications?  

Without IDS/IPS there's nothing alerting you to suspicious http attack
signatures, and nothing locking out the IPs of script kiddies running
scripted attacks against common web application errors.

IPS isn't a substitute for having your web applications and server
configuration pen tested though, to identify vulnerabilities.

Best Regards,
Todd H.
http://www.toddh.net/

Re: IPS + data center

Todd H. wrote:

A wonderful example why such IPSs are stupid. The "script kiddies" will
spoof IP addresses of important hosts and your IP blocking will turn into a

Only a fool would implement automatic reactions to IDS events.

Re: IPS + data center

Sebastian Gottschalk wrote:

True. But I can turn off the DoS blocking option for several hosts.
I am convinced that an IPS in a corporate network will be very useful, but what
about a data center?

Does an IPS help secure servers against XSS, SQL injection, buffer overflow code
being sent to the server? What else?

And the final question is: what is the sense in shelling out 80k$ for such a device?

Re: IPS + data center

mikahan wrote:

If you turn off the part of the IPS that puts in the reaction to the
events, then you basically have an IDS.

An IPS is never useful. An IDS might be, depending on your scenario.

Generally, an IDS in a corporate network is indeed a very bad idea, since
it requires a lot of maintenance, but provides only little security benefit.
With a data center, your requirements might be neater, which would increase
the benefit and narrow the necessary maintenance.

That depends on the IPS. Even with signature-based approaches, many
implementations do not take action on the initial event, but rather only on
following events matching the signature of the initial event - thus, if it
reacts, it might already be too late.

What about securing the servers themselves instead?

An extra filled field at buzzword bingo. And a +1 modifier (non-magic ATK)
for your favorite LART tool.
