[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: [Full-disclosure] Suggestion for IDS

To: <full-disclosure@xxxxxxxxxxxxxxxxx>
Subject: RE: [Full-disclosure] Suggestion for IDS
From: "Jan Nielsen" <jan@xxxxxxxxxxxx>
Date: Wed, 28 Sep 2005 18:49:32 +0200

Hi Pauk

Can i ask what you were doing that a pix could not handle nat wise ?
just wondering since I have done very extensive and complex nat'ing in
pix'es from 506's up to 535's without any performance problems.

Jan

-----Original Message-----
From: Paul Schmehl [mailto:pauls@xxxxxxxxxxxx] 
Sent: 28. september 2005 17:49
To: full-disclosure@xxxxxxxxxxxxxxxxx
Subject: Re: [Full-disclosure] Suggestion for IDS 

--On Wednesday, September 28, 2005 11:37:38 -0400
Valdis.Kletnieks@xxxxxx 
wrote:

> On Wed, 28 Sep 2005 07:01:34 EDT, "J. Oquendo" said:
>
>> While I do agree with the statement made "Quite frankly, anybody who
>> already has a PIX installed and wants to install an IPS needs to
quantify
>> *exactly* what protection the PIX is failing to provide before they
go
>> shopping for anything" to a degree, I also disagree with that
statement
>> since it eludes to the thinking that solely a PIX will save your ass.
It
>> won't, nor will any other firewall, nor will any other product
combined
>> with any OTHER product and so on.
>
> Obviously, the original poster isn't thinking that a PIX will save
their
> ass, because they're in the market for something in addition :)
>
> They should be figuring out *why* they need more protection (quite
> frankly, for many places, a *properly configured and maintained* PIX
is
> quite sufficient),

Not only was the PIX (for us) not sufficient, it wasn't robust enough. 
We're ditching our PIXes for OpenBSD and pf.

If you NAT a lot, PIX can't handle the load.  It also isn't flexible
enough.

Paul Schmehl (pauls@xxxxxxxxxxxx)
Adjunct Information Security Officer
University of Texas at Dallas
AVIEN Founding Member
http://www.utdallas.edu/ir/security/
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Follow-Ups:
- RE: [Full-disclosure] Suggestion for IDS
  - From: Paul Schmehl

References:
- Re: [Full-disclosure] Suggestion for IDS
  - From: Paul Schmehl

Prev by Date: Re: [Full-disclosure] Suggestion for IDS
Next by Date: Re: [Full-Disclosure] (no subject) cpshost.dll
Previous by thread: Re: [Full-disclosure] Suggestion for IDS
Next by thread: RE: [Full-disclosure] Suggestion for IDS
Index(es):
- Date
- Thread