On 6 Feb 2015, at 11:46, Valdis Kletnieks wrote:

> Count up the number of *actual* attacks they have stopped
> that wouldn't have been stopped otherwise

Many.

> and contrast it
> to the number of times they've been used as the *basis* for
> an attack (DDoS via state exhaustion, for starters)

Zero, on my networks.

> or their failure has caused operational issues.

Zero, on my networks. Unless "operation issues" means traffic fails over without a hitch.

> Still think they're a good idea?

Yep. And thanks for asking.

If you can't deploy IPS's in such a way that they don't make your network less secure via DDoS susceptibility, or reduce availability due to non-existent or subpar redundancy/survivability engineering, then you shouldn't deploy IPS's.

-Terry

On Thu, Feb 5, 2015 at 11:46 AM, <valdis.kletni...@vt.edu> wrote:

> On Thu, 05 Feb 2015 09:31:49 -0500, Terry Baranski said:
>
> > People tend to hear what they want to hear. Surely your claim can't be that
> > an IPS has never, in the history of Earth, prevented an attack or exploit.
> > So it's unclear to me what you're actually trying to say here.
>
> Count up the number of *actual* attacks they have stopped that wouldn't
> have been stopped otherwise, and contrast it to the number of times they've
> been used as the *basis* for an attack (DDoS via state exhaustion, for
> starters) or their failure has caused operational issues. Remember that one
> of the three security pillars is "Availability".
>
> Still think they're a good idea?