Firewall Wizards mailing list archives
Re: Corporate H/N IPS
From: Crispin Cowan <crispin () wirex com>
Date: Fri, 13 Dec 2002 18:36:51 -0800
Talisker wrote:
> Intrusion Prevention System (IPS). More proactive than the traditional IDS, they actively block traffic deemed as malicious, almost like a firewall but using IDS techniques to block an attack.

EXACTLY like a firewall, only they look at higher level application protocols than classic packet filtering firewalls. I.e. they are exactly like the older application proxy firewalls.

> Host IPS. A HIPS will block an attack aimed at the Host upon which it is situated; previous names for a HIPS have included Network Node IDS (NNIDS) or personal firewall. To quote NSS: "It binds closely with the operating system kernel and services, monitoring and intercepting system calls to the kernel or APIs in order to prevent attacks".

Exactly like secure operating systems, or security-enhanced operating systems. Again, there is nothing fundamentally new here, just that the techniques have advanced. The technology has improved to provide faster, finer-grained intrusion prevention (such as Type Enforcement access control, and StackGuard and FormatGuard compiled-in defenses). Unfortunately, marketeers are pushing new buzz-words, trying to convince people that "host intrusion prevention" is somehow different from secure operating systems.

> A HIPS should not be confused with a HIDS, which looks at the host Event or Sys logs, though many HIPS incorporate HIDS and File Integrity Checking. Examples of HIPS are: Entercept and Intrusion's SHS (Stormwatch).

True: "intrusion detection" is what you call it when your detector is so slow or imprecise that it cannot be used for prevention.

> Network IPS. What used to be called an inline IDS: it's an IDS with 2 interfaces, and it will block those packets that trigger the criteria laid down by the IDS. Examples: TippingPoint UnityOne and RealSecure Guard.

What used to be called a proxy firewall, such as the Firewall Toolkit, or the Raptor firewall.

> I'm looking for a good starting place and therefore looking for lists containing HIPS and NIPS to start me off on the research; in return I will collate all the information and feed a summary back into the list.

Please include the Immunix Secure OS, which is a Linux system protected with an arsenal of intrusion prevention systems.

Also please consider deprecating the term "intrusion prevention" as marketing hype. NIPS ::= firewall, and HIPS ::= secure OS.
Crispin

--
Crispin Cowan, Ph.D.
Chief Scientist, WireX                      http://wirex.com/~crispin/
Security Hardened Linux Distribution:       http://immunix.org
Available for purchase: http://wirex.com/Products/Immunix/purchase.html
                        Just say ".Nyet"
Current thread:
- Corporate H/N IPS Talisker (Dec 13)
- Re: Corporate H/N IPS Crispin Cowan (Dec 13)
- Re: Corporate H/N IPS Carson Gaspar (Dec 14)
- Re: Corporate H/N IPS Talisker (Dec 14)
- Re: Corporate H/N IPS Crispin Cowan (Dec 14)
- Re: Corporate H/N IPS Fritz Ames (Dec 15)
- RE: Corporate H/N IPS Bill Royds (Dec 15)
- RE: Corporate H/N IPS David Lang (Dec 16)
- Message not available
- RE: Corporate H/N IPS Marcus J. Ranum (Dec 17)
- Re: Corporate H/N IPS Crispin Cowan (Dec 13)
- <Possible follow-ups>
- Re: Corporate H/N IPS Chris Boscolo (Dec 16)
- Re: Corporate H/N IPS Marcus J. Ranum (Dec 17)