Has anyone had experiences (good or bad) with the TippingPoint Intrusion Prevention system? If so could you share your thoughts.
thanks.
after this sat around for a while ...
How about IPS in general? anyone had any experiences good or bad with IPS?
Printable View
Has anyone had experiences (good or bad) with the TippingPoint Intrusion Prevention system? If so could you share your thoughts.
thanks.
after this sat around for a while ...
How about IPS in general? anyone had any experiences good or bad with IPS?
I didn't respond initially because I have nothing to say about this product in particular. But since you got no "bites" I'll throw my 2c into the ring......
I don't like IPS's for one simple reason. In theory they give an attacker with the opportunity to DoS you. Furthermore, the IPS will be fairly recognizable as just that, an IPS, so it then makes the attackers job easier if he just wants to screw with you.
There was an IPS, (it may have been this one), that was an interesting concept. It looked, specifically, for reconnaisance actions and fed back erroneous data and stored what it sent in a database. Then, if an attack was initiated against that service on that "imaginary" IP the system would pretend not to cooperate IIRC. No harm done to the network. It's a bit like a honeynet but something unconvinced me about it's effectiveness. I think there was a thread about it here about 18 months ago but I have no idea what to put into the search.... :o
If someone can come up with an IPS that wouldn't make itself pretty obvious to the attacker then I might be interested.... I just have some problem working out how that can be acheived.... OTOH, there's a lot of people out there that are a lot smarter than me..... :eek:
Thanks Tiger.
I am engaged in 'intense' negotiations with a client who insists an IPS is all they need....I have the NSS reporton Tipping Point which indicates its the best one, but as you say, still in no way a silver bullet.