IDS mailing list archives
Re: True definition of Intrusion Prevention
From: George Capehart <gwc () acm org>
Date: Fri, 2 Jan 2004 10:56:56 -0500
On Friday 02 January 2004 09:41 am, Teicher, Mark (Mark) wrote:
<comments within>
<snip>
<Yes, that was the point, that marketing type people have blinded me with their definition, that I am completely confused and dumbfounded>
*grin* Well, then, I guess that disqualifies you from being a Gartner-reading pointy-haired manager . . . ;-> <snip>
<Prevention, my mother always told me always use "protection", but to this day, I am not quite sure what she meant>
Heh. My dad used to tell me the same thing . . . but he made *really* sure that I knew what he meant. *wince* <snip>
<The term "Intrusion Prevention" isn't clearly defined, as you have observed, but "Intrusion Blocking" doesn't ring the ears like the marketing folks want you to do>
Ah, yes! *Now* I'm beginning to understand . . .
Don't get me wrong, I don't have a problem with "intrusion blocking" if it is successful . . . that is, if the attack is detected in time and the appropriate "blocking mechanisms" are available. I'd just rather call a duck a duck . . . ;-) I think it is possible to build an "intrusion blocking device." Intrusion prevention is a process. (Apologies to Bruce Schneier ;-) )
<"Intrusion Prevention is a process??" What kind of blocking mechanisms are you referring to ?? I have never met a duck who dabbles in information security, I have heard of a cat who swipes at their owner when they program insecure code :)>
What I really had in mind when I said that was that, to me at least, if there really could be such a thing as Intrusion Prevention (TM), that sort of implies staying ahead of the attacker. That is a process. One of the tools the process could/would use is "intrusion blocking." Another thing the process would/could do is design and build systems that don't have weaknesses that could be exploited in intrusion attacks. Another is to neutralize the attackers before they attack. *All* of this, though is a process. Preventing an intrusion by blocking implies understanding the vulnerabilities of the system, the corresponding attack vectors and putting layers of defense in place that will either block outright or "defang" the attack. But the world isn't static, new vulnerabilities are exposed and new attacks are concocted daily. Staying on top of them takes constant effort and implementing defenses and installing patches is an ongoing process. This is why I feel that Intrusion Prevention (TM) is a process . . . <snip>
<what distinction?? The marketing folks created a term that no one in the industry understands. Blocking is often referred to as TCP Shunning, but since this is New Year's Day, why not start the year off without falling off the soapbox :)>
*snicker* *snicker* *guffaw* *guffaw* /g BTW, a happy and prosperous New Year to all.