" Securing hosts/applications/services themselves is the way to protect them from compromise." Can't go wrong with defense in depth. I'd definitely throw securing routers in there, throw in firewalls, periodic internal scanning for idiot mistakes, audits, etc. I still think IPS/IDSes can be wielded to good effect in several different scenarios--e.g. just before the core switch (or spanning the core switch) of a PCN network, alerting to anything going on intra vs. inter. --p -----Original Message----- From: NANOG [mailto:nanog-bounces@nanog.org] On Behalf Of Roland Dobbins Sent: Thursday, February 05, 2015 7:20 AM To: nanog@nanog.org Subject: [EXTERNAL]Re: Checkpoint IPS On 5 Feb 2015, at 20:13, Michael O Holstein wrote:
Personally I'm of the belief that *all* IPS systems are equally worthless, unless the goal is to just check a box on a form.
Concur 100%. Securing hosts/applications/services themselves is the way to protect them from compromise. ----------------------------------- Roland Dobbins <rdobbins@arbor.net>