IDS mailing list archives
Re: Changes in IDS Companies?
From: "Proxy Administrator" <proxyadmin () rediffmail com>
Date: 31 Oct 2002 16:30:50 -0000
Hi,

I read a lot of messages which say putting an IDS inline would convert it into an Intrusion Prevention System or something to that effect. This would be true to a certain extent. Putting it inline would make sure that you see all the packets, so you wouldn't miss any attack that it *could* detect. Basically, the solution that is being propagated here is an IDS which is going to take action by resetting connections, blocking IP addresses etc. Still not an actual IPS.

I would think that something like "systrace" qualifies as an Intrusion Prevention solution more than an inline IDS. We set rules as to how a privileged process is supposed to behave and anything out of the ordinary would not be allowed. That seems more like Intrusion Prevention than the other solutions, which are detecting intrusions and dropping connections. While "systrace" would in my opinion qualify as a host-based intrusion prevention system, something similar would be needed to qualify as NIPS.
Regards, Proxy Administrator