[AusNOG] IDS / IPS Experience

Eric Pinkerton Eric.Pinkerton at stratsec.net
Wed Nov 30 22:45:23 EST 2011


Yawn... 

<rant>

Roland, APT is the new DDOS, the idea that availability is your only concern is over, try googling Operation Aurora, Stuxnet, RSA hack, Lockheed Martin hack, LulzSec, SQL Injection, etc etc etc.

Telling people that firewalls and IDS/IPS are a bad idea is like saying condoms are bad because abstinence is more effective - People just aren't good at abstinence mate!

We have proven time and time again that humans are just not that good at securing their shit, so defence in depth is paramount.

The difference between you and me is that when you get woken up at 2am it's because someone has been dossed, I get woken up at 2am because someone's entire credit card database is on pastebin.

I can't sell you a magical appliance that can fix that people, so compartmentalise, use least privilege, use defence in depth, use firewalls/IDS, patch your kit and monitor your logs.

</rant>

________________________________________
From: ausnog-bounces at lists.ausnog.net [ausnog-bounces at lists.ausnog.net] On Behalf Of Dobbins, Roland [rdobbins at arbor.net]
Sent: Wednesday, 30 November 2011 5:51 PM
To: ausnog at lists.ausnog.net
Subject: Re: [AusNOG] IDS / IPS Experience

On Nov 30, 2011, at 1:46 PM, <mants at tpg.com.au> wrote:

> Just wondering if anyone wants to share their experience regarding IDS/IPS solution related to traffic handling during hardware power cycle. Did you see
> any packet/s drops during and after? and why?

See this AusNOG preso:

<http://www.ausnog.net/images/ausnog-05/presentations/7-2-stateofdanger.pdf>

and see p. 42 of the Arbor 2010 WISR:

<https://files.me.com/roland.dobbins/8c1cyp>

on why these devices have no place in SP networks.

-----------------------------------------------------------------------
Roland Dobbins <rdobbins at arbor.net> // <http://www.arbornetworks.com>

                The basis of optimism is sheer terror.

                          -- Oscar Wilde
