IDS mailing list archives
RE: IPS Futures
From: "Rob Shein" <shoten () starpower net>
Date: Thu, 22 Jul 2004 14:51:13 -0400
Actually, that isn't exactly what a typical IPS is these days. For example, by the time a single-packet attack (even if that one packet is TCP and goes after the handshake) takes place, it's too late to lock down the firewall. A snort-based IPS would be like what the honeynet project's gen II honeynets used: snort-inline with hogwash to mangle attacks so they wouldn't work. The idea isn't to respond to the attack, but rather to actively prevent the attack from working in the first place, either by not passing it or by altering it.
-----Original Message-----
From: M Shirk [mailto:shirkdog_linux () hotmail com]
Sent: Wednesday, July 21, 2004 7:29 AM
To: focus-ids () securityfocus com
Subject: RE: IPS Futures

Basically, you can run an IPS with snort-inline with iptables. This is great, because I am in control, but what I experienced in the real CLIENT world is a whole different story. Some of the implementations of IDS solutions were terrible. I could not trust the same clients to actually set up the IPS correctly. There is too much of a margin of error.

However, if this is within your own company, it is the way to go. IPS is a better solution than IDS alone. My paranoia is the real world of terrible implementation. An example would be a spoofed router for their internet connection banging the firewall and the IPS shuts down all traffic, and the Internet connection the company used to have :-)

I would be interested if anyone is a Managed Service Security Provider and has had good luck with installation at remote client sites.

Shirkdog
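A small model of the two designs discussed in this thread, added here as an example and not code from either poster or from snort-inline: a detect-then-block IPS (including the spoofed-gateway lockout Shirkdog describes) beside an inline IPS that drops or rewrites the packet itself. The addresses, the signature, the payloads and the function names are all constructed for illustration.

```python
from dataclasses import dataclass

SIGNATURE = b"/bin/sh"   # constructed stand-in for an attack signature
GATEWAY = "192.0.2.1"    # constructed address of the site's upstream router


@dataclass(frozen=True)
class Packet:
    src: str
    payload: bytes


def reactive_ips(packets, never_block=frozenset()):
    """Detect, then add a firewall block for the source address.
    Returns (packets that reached the target, blocked sources)."""
    blocked, delivered = set(), []
    for p in packets:
        if p.src in blocked:
            continue                      # block rule already installed
        delivered.append(p)               # the packet arrives first...
        if SIGNATURE in p.payload and p.src not in never_block:
            blocked.add(p.src)            # ...the response lands afterwards
    return delivered, blocked


def inline_ips(packets, mangle=False):
    """Judge each packet before forwarding: drop it or rewrite it.
    No per-source block is ever installed."""
    delivered = []
    for p in packets:
        if SIGNATURE in p.payload:
            if not mangle:
                continue                  # do not pass it
            # same-length rewrite so the payload no longer matches
            p = Packet(p.src, p.payload.replace(SIGNATURE, b"/ben/sh"))
        delivered.append(p)
    return delivered


# Constructed traffic: a one-packet attack, the same packet with the source
# spoofed as the gateway, then legitimate traffic from the real gateway.
TRAFFIC = [
    Packet("198.51.100.7", b"constructed-payload-/bin/sh"),
    Packet(GATEWAY, b"constructed-payload-/bin/sh"),
    Packet(GATEWAY, b"GET /index.html"),
]

if __name__ == "__main__":
    print(reactive_ips(TRAFFIC))
    print(reactive_ips(TRAFFIC, never_block={GATEWAY}))
    print(inline_ips(TRAFFIC), inline_ips(TRAFFIC, mangle=True))
```

In the reactive model a `never_block` entry for the gateway keeps the link up, but both signature-bearing packets still reach the target; the inline model delivers neither in matching form and never blocks the gateway.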