IDS mailing list archives

Re: Top IPS vendors - please read for invitation to Network World review.


From: Paul Schmehl <pauls () utdallas edu>
Date: Thu, 28 Aug 2003 17:29:13 -0500

--On Wednesday, August 27, 2003 6:30 AM -0600 Mark Teicher <mht3 () earthlink net> wrote:

PortSentry - is more of a firewall than IPS, does not have any
preventative functionality similar to Cisco Secure Agent aka Okena
Stormwatch

Have you used PortSentry? It's certainly not a firewall at all. It detects "bad" behavior and immediately writes rules to the firewall as well as to tcpwrappers (if it's configured that way.) I would define that as an IDS. A specialized one perhaps. But certainly not a firewall. PortSentry doesn't block anything directly. If the host doesn't have a firewall installed, then all PortSentry can do is either report the problem (through logging) or write deny rules to tcpwrappers (if configured to do so.)

As far as all this philosophical rambling about what defines this or that or whether or not a term is mere marketing fluff or something more substantial, I'll leave that to all the resident experts.

Paul Schmehl (pauls () utdallas edu)
Adjunct Information Security Officer
The University of Texas at Dallas
AVIEN Founding Member
http://www.utdallas.edu


