IDS mailing list archives

Re: True definition of Intrusion Prevention


From: Gary Flynn <flynngn () jmu edu>
Date: Fri, 02 Jan 2004 18:59:08 -0500

Teicher, Mark (Mark) wrote:

I wouldn't have taken this up, but I think it is more important to make the distinction between "blocking" and "prevention" than is made in the hype. They just aren't equivalent. Preventing an attack means that action has been taken to keep the attack from happening.

That would be "Attack Prevention" not "Intrusion Prevention". Something that would enable you to reach through the wires and wring their little necks before they hit the enter key.
Or, perhaps, prevent their conception. :)

Examples of "Intrusion prevention" are:

-a firewall or "IDP" blocking a malicious packet recognized as malicious,
-a security policy and associated router ACL saying "don't allow incoming TCP 135 connections",
-a desktop firewall configured similarly to the router ACL,
-a security policy saying all systems on the network must be centrally managed and backed up with configuration management software to prevent unnecessary, unpatched, and poorly configured servers from being on the network,
-"IDP" software running on hosts that recognizes malicious actions or those contrary to policy and takes steps to avert them.

They help to prevent an intrusion caused by an attack.


