Le 05/02/2015 14:28, Terry Baranski a écrit : > On 5 Feb 2015, at 08:13, Michael Hallgren wrote: >> Sure they will give you pretty graphs of script-kiddie attempts but >> that's just the noise in which the skilled attack will get lost.
No, Terry, I didn't write that ! :-) Cheers, mh > Sorry but this is not even in the neighborhood of what a > properly-implemented IPS does. > > I can certainly see why you think they're worthless though. :-) > > -Terry > > -----Original Message----- > From: NANOG [mailto:nanog-boun...@nanog.org] On Behalf Of Michael O Holstein > Sent: Thursday, February 05, 2015 8:13 AM > To: nanog@nanog.org > Subject: Re: Checkpoint IPS > > >>> `` 'IPS' devices require artificially-engineered topological symmetry- >>> can have a negative impact on resiliency via path diversity.'' >> Dang, I thought this quote was from an April 1st RFC when I first read it. >> >> I hate to be the bearer of bad news, but everything we do is "artificial". >> There are no routers in nature, no IP packets, no fiber optics. There is no >> such thing as "natural engineering" -- engineering is "artificial" by >> definition. > You're forgetting that such things are rarely read (in time) by the people > that actually implement and use such a product .. that language is targeted > at the pointy-haired crowd. > Salespeople *hate* it when they get a technical resource instead of a > management one because "it's magic, it's artificial intelligence, etc." just > doesn't fly with us. > > Personally I'm of the belief that *all* IPS systems are equally worthless, > unless the goal is to just check a box on a form. Sure they will give you > pretty graphs of script-kiddie attempts but that's just the noise in which > the skilled attack will get lost. You have to do everything else right, you > can't just plug the "magic box" inline and expect to relax. > > My 0.02. > > Michael Holstein > Cleveland State University > 2= >
