Firewall Wizards mailing list archives

Re: Corporate H/N IPS

From: "Talisker" <talisker () networkintrusion co uk>
Date: Fri, 13 Dec 2002 15:10:07 -0000

Crispin
I'm not exactly in agreement with many of your points

EXACTLY like a firewall, only they look at higher level aplication
protocols than classic packet filtering firewalls.


I for one would not entrust my perimeter defense to a NIPS, however I may
consider using a NIPS to look for intrusion signatures on those packets that
have been passed by the firewall.  I feel they complement each other very
well.

Unfortunately, marketeers are pushing new buzz-words, trying to convince
people that "host intrusion prevention" is some how different from
secure operating systems.


There is little doubt that marketing forces are at work.  However, from
experience we have lost this battle and to be fair the term IPS isn't so
bad.  I do see HIPS as different from Secure OS's they are more widely
available to all, deployable with minimal impact on an existing network and
enterprise aware out of the box.

True: "intrusion detection" is what you call it when your detector is so
slow or imprecise that it cannot be used for prevention.


IDS can be a little hit and miss, I've had to switch some off because they
were so inadequate.  However, I have also used others to good effect they
have saved my network on many occasions.  There are some excellent examples
of both Host and Network IDS and as they mature they are becoming ever more
capable.  That isn't to say they will work out of the box they do need a lot
of tender loving care but the investment of some time and tuning pays
dividends.

take care
-andy
Taliskers Network Security Tools
http://www.networkintrusion.co.uk
----- Original Message -----
From: "Crispin Cowan" <crispin () wirex com>
To: "Talisker" <talisker () networkintrusion co uk>
Cc: <firewall-wizards () honor icsalabs com>
Sent: Saturday, December 14, 2002 2:36 AM
Subject: Re: [fw-wiz] Corporate H/N IPS


_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards

Current thread:

Corporate H/N IPS Talisker (Dec 13)
- Re: Corporate H/N IPS Crispin Cowan (Dec 13)
  - Re: Corporate H/N IPS Carson Gaspar (Dec 14)
  - Re: Corporate H/N IPS Talisker (Dec 14)
    - Re: Corporate H/N IPS Crispin Cowan (Dec 14)
    - Re: Corporate H/N IPS Fritz Ames (Dec 15)
    - RE: Corporate H/N IPS Bill Royds (Dec 15)
    - RE: Corporate H/N IPS David Lang (Dec 16)
    - Message not available
    - RE: Corporate H/N IPS Marcus J. Ranum (Dec 17)
- <Possible follow-ups>
- Re: Corporate H/N IPS Chris Boscolo (Dec 16)
  - Re: Corporate H/N IPS Marcus J. Ranum (Dec 17)