Hi
I am new to IPS and I have been doing some research to try to
understand what is the most effective way to deploy IPS. I read this below:
There can be problems introduced by IPS and the primary one is comprised
of a denial of service attack. For example, if I know a specific IP
address is running an active intrusion blocking system, I can spoof an
attack from Microsoft and Google, to which the active IPS will respond by
putting the appropriate IP addresses into a block list, either timed or
permanent, depending on the configuration. As if that's not bad enough,
what if I could cause it to block out your upstream DNS? Or a zone
server? Or your upstream router? Yes, I can find that out with a
traceroute. Or your default gateway? I can guess that one in 255
attempts. This has traditionally been why network admins have been
reluctant to install active intrusion blocking. Perhaps SonicWall has
mitigated all of these risks. I would want to know this before I
implemented one.
If attacks can be made by utilising I have one simple question: is it
easier or more effective to deploy IPS on a bridge or a router?
chris
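
Added example, not part of the original post and not SonicWall's implementation: a minimal sketch of how an automatic block list can guard against the spoofed-source self-denial-of-service described in the quoted passage. The class name, the addresses (documentation ranges), the 600-second timeout and the `handshake_completed` flag are all assumptions made for illustration.

```python
import ipaddress

# Constructed sample values (documentation ranges), not from the original post.
NEVER_BLOCK = [ipaddress.ip_network(n) for n in (
    "192.0.2.1/32",      # default gateway (assumed)
    "192.0.2.53/32",     # upstream DNS resolver (assumed)
    "198.51.100.0/24",   # upstream router / provider range (assumed)
)]
BLOCK_SECONDS = 600      # timed block rather than a permanent one


class BlockList:
    """Hypothetical block-list manager for an active IPS."""

    def __init__(self):
        self._expiry = {}  # ip -> time at which the block lapses

    def consider(self, src, handshake_completed, now):
        """Decide what to do with an alert attributed to source address src."""
        ip = ipaddress.ip_address(src)
        # Infrastructure the site depends on is never blocked automatically.
        if any(ip in net for net in NEVER_BLOCK):
            return "alert-only: protected address"
        # UDP, ICMP or a lone SYN proves nothing about the sender, so the
        # source address may be forged. Only a completed TCP handshake,
        # which is much harder to forge, justifies an automatic block.
        if not handshake_completed:
            return "alert-only: source unverified"
        self._expiry[ip] = now + BLOCK_SECONDS
        return "blocked"

    def is_blocked(self, src, now):
        """True while a timed block on src is still in force."""
        ip = ipaddress.ip_address(src)
        expiry = self._expiry.get(ip)
        if expiry is None:
            return False
        if now >= expiry:
            del self._expiry[ip]  # block has lapsed
            return False
        return True
```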