[Snort-users] Re: [Snort-devel] IDS vs IPS
mht3 at ...741...
Tue Sep 2 05:41:33 EDT 2003
Rather impressive does not mean it is commercial ready.
Commercial Ready means it meets or exceeds the criteria of the definition
of the Industry Analysts and can be reviewed by the people who do those
rather large network type bake-offs of products and barely understand how
the technology works except click "Setup.exe" and pray the Installshield
doesn't barf on their system which most likely doesn't meet the vendors
stated minimum requirements. How about db's?? How many of the IPS vendors
require MSSQL as their database of choice??
If the IPS vendors require MS SQL as their database backend, that means
the IPS management console can't handle an enterprise type organization
without having massive horsepower and some sort of distributed console
management technology underlying it. How many of the industry reviewers
actually review that type of scenario.. ??
I might not even have to take off my shoes to count. Oh better yet, let me
get out my abacus..
[/standing on soapbox]
Back to my original ranting, GOOD firewall code hasn't been produced in
years..In fact, if someone could dig up Wei Xu, Peter Churchill or Brian
Reid.. I am sure they could tell you stories about GOOD firewall code,
proxy code and the crud they had to put up with.
You know there are still Digital Equipment Corporation Firewalls in place
at a major bank in NY/NJ area.. (DECSeal at least 20 of them by my last
count).. the technology is 10 years old, and no one has broken into them..
Go figure that one out.. no IDS, no IPS.. Actually in fact, I can also
name a few other companies that still have Gauntlet firewalls in place..
Was it GOOD firewall code, who knows, but the fact remains, IPS technology
is still in its infancy, while Firewalls have been around for almost 15
years, and IDS technology, although not fully matured over 5 years.
IPS is less than 30 months old, and every single marketing person
expels "IPS is the future, firewalls and IDS are dead" OK, marketing
people, speak up and tell us who the pure IPS vendors are, not firewall and
IDS vendors trying to re-define their space and get some marketing mojo.
I even cc'ed a marketing person on the list so that they can respond to the
hype and defend themselves in this little thread.. C'mon give us the
marketing hype and story.. Anyone else from other vendors marketing
department listening/reading.. ??
[/slipping off soapbox...]
argghhhh, I have fallen underneath the IPS hype and need to call the nearest
IPS marketing person to get up...
P.S. Does this mean I am back to my full lunacy of ranting and raving, not
quite sure, but it is fun to be alive again.. Jeff N and Gary C, I owe you
two a beer..
At 06:02 PM 8/30/2003, Jeff Nathan wrote:
>not entirely true. Dan Hartmeier's packet filter is rather impressive.
>On Wednesday, August 27, 2003, at 09:21 PM, Mark Teicher wrote:
>>I disagree, New IPS is not the natural evolution of the existing
>>firewall, it is natural evolution of marketing hype. !!! Good firewall
>>code just doesn't exist anymore, except for the Ultimate Firewall
>>At 09:16 PM 8/27/2003, Jason wrote:
>>>Thanks, I think the matrix shows fairly well that the _new IPS_ is a
>>>natural evolution of the existing firewall.
>>>This is important to point out because there are existing investments in
>>>firewalls and these firewalls are rapidly closing the gap where needed.
>>>I know that CP has been moving in this direction for a while. It has
>>>also been my experience that they have been moving at an appropriate
>>>pace and the capabilities have been there when I've needed them.
>>>One final statement. You do not need the firewall to log content if you
>>>have an IDS that you can trust will not have a direct impact on the
>>>business should it be too critical of the data.
>>>You can also have confidence in your firewall because your IDS verifies
>>>what you told the firewall to do and covers your arse when you let
>>>something by because of business requirements or a human error.
>http://cerberus.sourcefire.com/~jeff (gpg key available)
>"Problems cannot be solved at the same level of awareness that
>created them." - Albert Einstein