Firewall Wizards mailing list archives
Re: Corporate H/N IPS
From: "Talisker" <talisker () networkintrusion co uk>
Date: Fri, 13 Dec 2002 15:10:07 -0000
Crispin I'm not exactly in agreement with many of your points
EXACTLY like a firewall, only they look at higher level aplication protocols than classic packet filtering firewalls.
I for one would not entrust my perimeter defense to a NIPS, however I may consider using a NIPS to look for intrusion signatures on those packets that have been passed by the firewall. I feel they complement each other very well.
Unfortunately, marketeers are pushing new buzz-words, trying to convince people that "host intrusion prevention" is some how different from secure operating systems.
There is little doubt that marketing forces are at work. However, from experience we have lost this battle and to be fair the term IPS isn't so bad. I do see HIPS as different from Secure OS's they are more widely available to all, deployable with minimal impact on an existing network and enterprise aware out of the box.
True: "intrusion detection" is what you call it when your detector is so slow or imprecise that it cannot be used for prevention.
IDS can be a little hit and miss, I've had to switch some off because they were so inadequate. However, I have also used others to good effect they have saved my network on many occasions. There are some excellent examples of both Host and Network IDS and as they mature they are becoming ever more capable. That isn't to say they will work out of the box they do need a lot of tender loving care but the investment of some time and tuning pays dividends. take care -andy Taliskers Network Security Tools http://www.networkintrusion.co.uk ----- Original Message ----- From: "Crispin Cowan" <crispin () wirex com> To: "Talisker" <talisker () networkintrusion co uk> Cc: <firewall-wizards () honor icsalabs com> Sent: Saturday, December 14, 2002 2:36 AM Subject: Re: [fw-wiz] Corporate H/N IPS _______________________________________________ firewall-wizards mailing list firewall-wizards () honor icsalabs com http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
Current thread:
- Corporate H/N IPS Talisker (Dec 13)
- Re: Corporate H/N IPS Crispin Cowan (Dec 13)
- Re: Corporate H/N IPS Carson Gaspar (Dec 14)
- Re: Corporate H/N IPS Talisker (Dec 14)
- Re: Corporate H/N IPS Crispin Cowan (Dec 14)
- Re: Corporate H/N IPS Fritz Ames (Dec 15)
- RE: Corporate H/N IPS Bill Royds (Dec 15)
- RE: Corporate H/N IPS David Lang (Dec 16)
- Message not available
- RE: Corporate H/N IPS Marcus J. Ranum (Dec 17)
- Re: Corporate H/N IPS Crispin Cowan (Dec 13)
- <Possible follow-ups>
- Re: Corporate H/N IPS Chris Boscolo (Dec 16)
- Re: Corporate H/N IPS Marcus J. Ranum (Dec 17)