Firewall Wizards mailing list archives

RE: Intrusion Prevention Firewall


From: Dave Piscitello <dave () corecom com>
Date: Fri, 29 Mar 2002 13:39:40 -0500

The other "spin" marketing places on "Intrusion Prevention Firewalls"
is a firewall-IDS integration arrangement where the IDS detects
an attack, and the firewall policy is automatically modified to block
the attack. Some firewalls also market the fact that they can detect
certain DOS attacks and scans (RSSA), and react by damping down traffic
or temporarily blocking sites where the attacks originate (WGRD).

I'm doing the intrusion "prevention" piece of a session at Networld+Interop
in May entitled "Intrusion Detection, Deception, and Prevention". I focus
more on prevention by better software development and deployment
practices. If you want to get an early look at this, I'm happy to post
an html version at my web site.

At 12:00 PM 3/29/2002 -0500, Marcus J Ranum wrote:
> I suspect you are referring to "intrusion prevention" - which is a
> hot new marketing term but basically everything that's being billed
> as "intrusion prevention" is just firewalling + antivirus with
> a bit of fresh paint on it.

David M. Piscitello
Core Competence, Inc. &
The Internet Security Conference
3 Myrtle Bank Lane
Hilton Head, SC 29926
dave () corecom com
www.corecom.com
www.tisc2002.com
hhi.corecom.com/~yodave/
