IDS mailing list archives
Re: Top IPS vendors - please read for invitation to Network World review.
From: Paul Schmehl <pauls () utdallas edu>
Date: Thu, 28 Aug 2003 17:29:13 -0500
--On Wednesday, August 27, 2003 6:30 AM -0600 Mark Teicher <mht3 () earthlink net> wrote:
Have you used PortSentry? It's certainly not a firewall at all. It detects "bad" behavior and immediately writes rules to the firewall as well as to tcpwrappers (if it's configured that way.) I would define that as an IDS. A specialized one perhaps. But certainly not a firewall. PortSentry doesn't block anything directly. If the host doesn't have a firewall installed, then all PortSentry can do is either report the problem (through logging) or write deny rules to tcpwrappers (if configured to do so.)PortSentry - is more of a firewall than IPS, does not have any preventative functionality similiar to Cisco Secure Agent aka Okena Stormwatch
As far as all this philosophical rambling about what defines this or that or whether or not a term is mere marketing fluff or something more substantial, I'll leave that to all the resident experts.
Paul Schmehl (pauls () utdallas edu) Adjunct Information Security Officer The University of Texas at Dallas AVIEN Founding Member http://www.utdallas.edu ---------------------------------------------------------------------------Attend Black Hat Briefings & Training Federal, September 29-30 (Training), October 1-2 (Briefings) in Tysons Corner, VA; the worldÂs premier technical IT security event. Modeled after the famous Black Hat event in Las Vegas! 6 tracks, 12 training sessions, top speakers and sponsors. Symanetc is the Diamond sponsor. Early-bird registration ends September 6 Visit: www.blackhat.com
---------------------------------------------------------------------------
Current thread:
- Re: Top IPS vendors - please read for invitation to Network World review. Andy Cuff [Talisker] (Aug 05)
- <Possible follow-ups>
- Re: Top IPS vendors - please read for invitation to Network World review. Andrew Plato (Aug 26)
- Re: Top IPS vendors - please read for invitation to Network World review. Paul Schmehl (Aug 26)
- Re: Top IPS vendors - please read for invitation to Network World review. Mark Teicher (Aug 27)
- Re: Top IPS vendors - please read for invitation to Network World review. Paul Schmehl (Aug 28)
- Re: Top IPS vendors - please read for invitation to Network World review. Daniel Cid (Aug 29)
- Re: Top IPS vendors - please read for invitation to Network World review. Paul Schmehl (Aug 26)
- Re: Top IPS vendors - please read for invitation to Network World review. Ron Gula (Aug 26)
- Re: Top IPS vendors - please read for invitation to Network World review. dodo (Aug 27)
- Re: Top IPS vendors - please read for invitation to Network World review. Scott Wimer (Aug 28)
- Re: Top IPS vendors - please read for invitation to Network World review. Mark Teicher (Aug 30)