On 6 Feb 2015, at 11:46, Valdis Kletnieks wrote:

> Count up the number of *actual* attacks they have stopped that wouldn't have been stopped otherwise

Many.

> and contrast it to the number of times they've been used as the *basis* for an attack (DDoS via state exhaustion, for starters)

Zero, on my networks.

> or their failure has caused operational issues.

Zero, on my networks. Unless "operational issues" means traffic fails over without a hitch.

> Still think they're a good idea?

Yep. And thanks for asking. If you can't deploy IPSs in such a way that they don't make your network less secure via DDoS susceptibility, or reduce availability due to non-existent or subpar redundancy/survivability engineering, then you shouldn't deploy IPSs.

-Terry

On Thu, Feb 5, 2015 at 11:46 AM, <Valdis.Kletnieks@vt.edu> wrote:

> On Thu, 05 Feb 2015 09:31:49 -0500, Terry Baranski said:
>
>> People tend to hear what they want to hear. Surely your claim can't be that an IPS has never, in the history of Earth, prevented an attack or exploit. So it's unclear to me what you're actually trying to say here.
>
> Count up the number of *actual* attacks they have stopped that wouldn't have been stopped otherwise, and contrast it to the number of times they've been used as the *basis* for an attack (DDoS via state exhaustion, for starters) or their failure has caused operational issues. Remember that one of the three security pillars is "Availability".
>
> Still think they're a good idea?
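The availability trade-off the two posters are arguing about (an inline IPS's flow table as a state-exhaustion target, versus the engineering that keeps legitimate traffic flowing when that table fills) can be made concrete with a small model. The following is an added example written for this page, not code from either poster or from any IPS product: it models a hypothetical inline device with a bounded flow table and replays a constructed trace of many half-open flows followed by a handful of legitimate connections. The capacity, timeout, addresses and timings are all invented for the illustration; the point is to show which design knobs (aging of idle half-open state, fail-open bypass) decide whether the legitimate connections survive.

```python
from dataclasses import dataclass, field


@dataclass
class InlineIPS:
    """Toy model of an inline IPS with a bounded flow-state table (hypothetical device)."""
    capacity: int                 # maximum number of tracked flows (constructed limit)
    idle_timeout: float = 0.0     # seconds before an unanswered half-open flow is aged out; 0 = never
    fail_open: bool = False       # table full: bypass inspection (True) or drop the flow (False)
    flows: dict = field(default_factory=dict)   # flow key -> last_seen timestamp
    inspected: int = 0
    bypassed: int = 0
    dropped: int = 0

    def _expire(self, now):
        # Age out half-open entries that have been idle longer than idle_timeout.
        if self.idle_timeout > 0:
            stale = [k for k, seen in self.flows.items() if now - seen > self.idle_timeout]
            for key in stale:
                del self.flows[key]

    def forward(self, key, now):
        """Handle the first packet of flow `key` at time `now`.

        Returns 'inspected' (tracked and inspected), 'bypassed' (forwarded
        without inspection because the table is full and the device fails open)
        or 'dropped' (table full, device fails closed).
        """
        self._expire(now)
        if key in self.flows or len(self.flows) < self.capacity:
            self.flows[key] = now
            self.inspected += 1
            return "inspected"
        if self.fail_open:
            self.bypassed += 1
            return "bypassed"
        self.dropped += 1
        return "dropped"


def run_trace(ips):
    """Replay a constructed trace and report what happened to the legitimate connections.

    Trace (invented for this example): 200 half-open flows from distinct sources in
    the 198.51.100.0/24 documentation range, one every 0.1 s, then 10 legitimate
    connections from 203.0.113.0/24 to 192.0.2.10:443 starting at t = 20 s.
    Only the verdicts for the 10 legitimate connections are returned.
    """
    for i in range(200):
        ips.forward(("198.51.100.%d" % (i % 250), 40000 + i, "192.0.2.10", 443), i * 0.1)

    verdicts = {"inspected": 0, "bypassed": 0, "dropped": 0}
    for i in range(10):
        key = ("203.0.113.%d" % (i + 1), 50000 + i, "192.0.2.10", 443)
        verdicts[ips.forward(key, 20.0 + i * 0.01)] += 1
    return verdicts


if __name__ == "__main__":
    # No aging, fail closed: the half-open flood fills the table and legitimate traffic is dropped.
    print("no timeout, fail closed:", run_trace(InlineIPS(capacity=100)))
    # Aging half-open state keeps the table under capacity, so legitimate flows are inspected.
    print("5 s idle timeout:       ", run_trace(InlineIPS(capacity=100, idle_timeout=5.0)))
    # Fail-open bypass preserves availability but those flows pass uninspected.
    print("no timeout, fail open:  ", run_trace(InlineIPS(capacity=100, fail_open=True)))
```

Run stand-alone, the three configurations give the three outcomes the thread is about: a device with no aging and no bypass turns a cheap flood into an outage for everyone behind it; aging idle half-open state keeps the table bounded so legitimate flows are still inspected; and a fail-open design keeps the traffic flowing at the cost of inspection coverage during the flood. Which of the last two is acceptable is exactly the "redundancy/survivability engineering" decision Terry refers to, and the model makes it something you can reason about with numbers from your own device rather than in the abstract.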