Firewall Wizards mailing list archives

RE: Intrusion Prevention Firewall

From: "Pieper, Rodney" <rodney.pieper () eds com>
Date: Mon, 18 Mar 2002 13:09:09 -0500

There is an interesting article in the March issue of Information Security
Magazine

http://www.infosecuritymag.com/2002/mar/roundtable.shtml

2 things stand out. 
Automated response still requires policy. What you want to react to is not
necessarily importent to another environment. 

The IDS field is not currently 'mature' enough for automating reacting. We
need predictive IDS not reactive.

Rod Pieper

-----Original Message-----
From: Stiennon,Richard [mailto:richard.stiennon () gartner com]
Sent: Saturday, March 16, 2002 5:42 PM
To: 'Gary Flynn'; 'firewall-wizards () nfr com'
Subject: RE: [fw-wiz] Intrusion Prevention Firewall


Check out OneSecure's recently announced inline NIDS/Prevention device. This
is exactly what it does. Note CTO, Nir Zuk of FW-1 and VPN-1 fame.
http://www.onesecure.com/products.html
-Richard

-----Original Message-----
From: Gary Flynn [mailto:flynngn () jmu edu]
Sent: Friday, March 15, 2002 4:25 PM
To: firewall-wizards () nfr com
Subject: [fw-wiz] Intrusion Prevention Firewall



Hi,

I'm looking for a cross between an NIDS and a
firewall.

Are there network "IDS" products out there that take action 
to prevent an attack from succeeding other than to:

1) Notify someone to manually deal with it
2) Do a TCP RST on the session
3) Put a router filter in to block the offending IP

I'm looking for something like an application level firewall
controlled by a NIDS engine that would drop offending
traffic at the ingress point. Something like Hogwash but
in a mainstream product capable of being put on a high-speed
production Internet feed.

( http://hogwash.sourceforge.net/ )

Does such a thing exist?

thanks,
-- 
Gary Flynn
Security Engineer - Technical Services
James Madison University

Please R.U.N.S.A.F.E.
http://www.jmu.edu/computing/runsafe
_______________________________________________
firewall-wizards mailing list
firewall-wizards () nfr com
http://list.nfr.com/mailman/listinfo/firewall-wizards
_______________________________________________
firewall-wizards mailing list
firewall-wizards () nfr com
http://list.nfr.com/mailman/listinfo/firewall-wizards
_______________________________________________
firewall-wizards mailing list
firewall-wizards () nfr com
http://list.nfr.com/mailman/listinfo/firewall-wizards

Current thread:

Intrusion Prevention Firewall Gary Flynn (Mar 16)
- Re: Intrusion Prevention Firewall Mark Renouf (Mar 17)
- Re: Intrusion Prevention Firewall Inno Eroraha (Mar 29)
- <Possible follow-ups>
- RE: Intrusion Prevention Firewall Stiennon,Richard (Mar 17)
- FW: Intrusion Prevention Firewall franks (Mar 17)
  - Re: FW: Intrusion Prevention Firewall Gary Flynn (Mar 29)
- RE: Intrusion Prevention Firewall Pieper, Rodney (Mar 29)
  - RE: Intrusion Prevention Firewall Marcus J. Ranum (Mar 29)
    - Re: Intrusion Prevention Firewall Gary Flynn (Mar 29)
    - Re: Intrusion Prevention Firewall Marcus J. Ranum (Mar 29)
    - RE: Intrusion Prevention Firewall Dave Piscitello (Mar 29)
    - Re: Intrusion Prevention Firewall Crispin Cowan (Mar 29)
- RE: Intrusion Prevention Firewall Stiennon,Richard (Mar 30)