Hosting Provided By

Re: [Snort-users] Re: [Snort-devel] IDS vs IPS

From: Mark Teicher <mht3(at)earthlink.net>
Date: Sat Aug 30 2003 - 20:43:07 EDT

Jeff,

Rather impressive does not mean it is commercial ready. Commercial Ready means it meets or exceeds he criteria of the definition of the Industry Analysts and can be reviewed by the people who do those rather large network type bake-offs of products and barely understand how the technology works except click "Setup.exe" and pray the Installshield doesn't barf on their system which most likely doesn't meet the vendors stated minimum requirements. How about db's?? How many of the IPS vendors require MSSQL as their databse of choice?? If the IPS vendors require MS SQL as their database backend, that means the IPS management console can't handle an enterprise type organization without having massive horsepower and some sort of distributed console management technology underlying it. How many of the industry reviewers actually review that type of scenario.. ??

I might not even have to take off my shoes to count. Oh better yet, let me get out my abacus..

[/standing on soapbox]

Back to my original ranting, GOOD firewall code hasn't been produced in years..In fact, if someone could dig up Wei Xu, Peter Churchill or Brian Reid.. I am sure they could tell you stories about GOOD firewall code, proxy code and the crud they had to put up with.

You know there are still Digital Equipment Corporation Firewalls in place at a major bank in NY/NJ area.. (DECSeal at least 20 of them by my last count).. the technology is 10 years old, and no one has broken into them.. Go figure that one out.. no IDS, no IPS.. Actually in fact, I can also name a few other companies that still have Gauntlet firewalls in place..

Was it GOOD firewall code, who knows, but the fact remains, IPS technology is still in its infancy, while Firewalls have been around for almost 15 years, and IDS technology, although not fully matured over 5 years. IPS is less than 30 months old, and everyone single marketing person expels "IPS is the future, firewalls and IDS are dead" OK, marketing people, speak up and tell us who the pure IPS vendors are, not firewall and IDS vendors trying to re-define their space and get some marketing mojo going..

Do you need help?

I even cc;ed a marketing person on the list so that they can respond to the hype and defend themselves in this little thread.. C'mon give us the marketing hype and story.. Anyone else from other vendors marketing department listening/reading.. ??

[/slipping off soapbox...]

argghhhh, I have fallen underneath the IPS hype and need call the nearest IPS marketing person to get up...

P.S. Does this mean I am back to my full lunancy of ranting and raving, not quite sure, but it is fun to be alive again.. Jeff N and Gary C, I owe you two a beer..

/cheers

/mark

At 06:02 PM 8/30/2003, Jeff Nathan wrote:

>-----BEGIN PGP SIGNED MESSAGE-----

This sf.net email is sponsored by:ThinkGeek Welcome to geek heaven.
http://thinkgeek.com/sf

Snort-devel mailing list
Snort-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/snort-devel Received on Tue Sep 2 08:53:21 2003

Do you need more help?

This message: [ Message body ]
Next message: Mark Teicher: "Re: RE: [Snort-users] Re: [Snort-devel] IDS vs IPS"
Previous message: Gary Flynn: "Re: [Snort-users] Re: [Snort-devel] IDS vs IPS"
In reply to Jeff Nathan: "Re: [Snort-users] Re: [Snort-devel] IDS vs IPS"
Next in thread: Gordon Cunningham: "RE: [Snort-users] Re: [Snort-devel] IDS vs IPS"

Contemporary messages sorted: [ By Date ] [ By Thread ] [ By Subject ] [ By Author ] [ By messages with attachments ]

This archive was generated by hypermail 2.1.8 : Wed Aug 23 2006 - 14:08:09 EDT