Thursday, May 17, 2012

CISSP CPE6: Deploying IPS Successfully

Webinar Juniper Length : 01:30:00

IPS Strength:
Data center protection
IPS good for protecting datacenter, especially protecting servers.
Protecting Client to Server direction.
But IPS is not so good protecting clients.

It's good to add IPS capability on FW, because no need to add another device, but this might be the right reason.

Policy compliance with IPS

FW/IPS consolidate where IPS use is light

Out of band/sniffer
1. Client to Server
2. Anomalous/Evasive Network protocol Behavior 3. Network Layer Server to Client Attack 4. Brute Force Attacks 5. DoS Attack


IPS  Weakness:
Not one is box logging
IPS only vs standalone - lack of network profiling High performance price Malware detection - require file format/application analysis (ex: malicious PDF, excel, word, flash object, java object)

File format based detection
Specialized application security (WAF)
Reputation/profiling/data import based attack detection.

Questions before deploying IPS:
what assets to protect?
What throughput, sessions, CPS?
What type of IPS policy?

Labels: ,


Post a Comment

Subscribe to Post Comments [Atom]

<< Home