Firewall Wizards mailing list archives
Re: GIDS, Intrusion Prevention: A Firewall by Any Other Name
From: Iván Arce <core.lists.firewall-wizards () core-sdi com>
Date: Tue, 13 Aug 2002 14:18:38 -0300
But there are fundamental conceptual differences from a security standpoint in some of the technologies listed below.

Those adopting firewalling technologies are aiming at preventing (read: STOPPING) attacks coming from one security domain to another (let's say an untrusted net and a trusted one). The rationale and the "paradigm" behind firewalls is (or at least I see it as) that: stopping the attackers, isolation of security domains.

IDS adopters, on the other hand, have gone a step further in their assumptions. Here the rationale is that they can NOT stop all the attacks; sometime, somewhere, there will be someone good enough to bypass the poorly configured firewall, so here the idea is "if I cannot stop them all at least I will try to be informed as soon as I detect a successful attack" (think a NIDS on the trusted side of the FW or a HIDS). So in my opinion adopting IDS technologies implies a conceptual change in terms of what is expected from the firewall technology: the adopter is giving in to the idea of not being able to stop all the attacks.

Further down the line, a honeypot/honeynet could be and is generally used to LEARN from the attacker. Here the adopter accepts that her IDS will not detect all attacks, but only those that are previously known or differ substantially from the normal user behavior, but she will not acquire any substantial information from the attacker or the techniques employed, nor about previously unknown forms of attack. Deploying a honeypot demonstrates a desire to learn from attackers and perhaps also to go after them with a stronger case.

Yes, perhaps all the things listed below are one and the same; after all, they are just electrons flowing in a barely ordered way, but I believe that the differences should be presented in terms of what "implicit" security assumptions are being made when each of them is used.
jm2p

-ivan

--
Perscriptio in manibus tabellariorum est
Noli me vocare, ego te vocabo

Ivan Arce
CTO
CORE SECURITY TECHNOLOGIES
44 Wall Street - New York, NY 10005
Ph: (212) 461-2345
Fax: (212) 461-2346
http://www.corest.com
PGP Fingerprint: C7A8 ED85 8D7B 9ADC 6836 B25D 207B E78E 2AD1 F65A

----- Original Message -----
From: Marcus J. Ranum <core.lists.firewall-wizards () core-sdi com>
To: <firewall-wizards () nfr net> <firewall-wizards () honor icsalabs com>
Sent: Monday, August 12, 2002 8:53 PM
Subject: Re: [fw-wiz] GIDS, Intrusion Prevention: A Firewall by Any Other Name
Actually: IDS VPN routers honeypots Firewalls URL filters boundary antivirus caching proxies
--- for a personal reply use: Iván Arce <ivan.arce () corest com>