Monthly Archives: December 2009
I see this often and I am always amused at the topic. I have worked with IDS/IPS for 8 years, so I know IPS when it was just a flavor of IDS that no one wanted to enable for fear of blocking access to users and customers. I chuckle at the thought of WAF being a glorified IPS. My how times have changed.
Here are four things that your WAF can do that your IPS can’t. I tried to keep this vendor agnostic.
Please feel free to pile on or comment, just no flames please!
WAF vs IPS?
I recently had the privilege of reviewing some CCNP Wireless material. Although my CCNA expired a long time ago, I’ve worked with a lot of CCNP’s, CCIE’s, and Cisco gear (including wireless) over the years. I expected the material and content to be similar to other Cisco material I’ve read/studied. I have a CCNP Study Course sitting on my desk, if I can ever get to it.
Anyway, after reviewing the syllabus for CCNP Wireless, I can honestly say that you’re a Cisco Wireless Guru if you can pass all four of the exams without doing at least one cram course or buying the soon-to-be on-the-market Study Guides. You’ll need some strong experience and a good instructor to tackle this beast.
While reading through my blog inbox and writing up my 2010 Wishlist for work, I thought I’d drop a quick post to highlight five web security ‘problem areas’ that still exist after at least a decade of patches, pleas, and regulatory requirements.
- SQL Injection
- Hack the Web Server
- Cross Site Scripting
- Cookie Tampering
- Session Hijacking
I often find myself explaining what these are and providing examples, in order to garner support for remediation.