FW: Hi, I want to study IPS

["Tarek Amr Abdullah" <tabdullah () salec com eg>]

Hi Kyle Minogue,
 
The main difference between IDS and IPS is that IDS only monitors the
network firing alarms whenever there is an attack, while IPS takes an
action in real time by blocking or allowing traffic.
IDS works as a sniffer, while IPS works inline just like a firewall for
example.
Snort <http://www.snort.org> is an example of NIDS, while NetScreen's
IDP <http://www.juniper.net> and ISS Proventia <http://www.iss.net> are
examples of IPS.
 
WRT the development, I thin you have to decide first one of the
following:
• Will it be an IDS or an IPS
• Will it be a Signatures Based, Statistical Based, Protocol Anomaly, or
any combination of them?
• Will you write your all signatures if any, or use open signatures.
• Will it be multi tier architecture, i.e. some sensors with a
centralized management to collect the events from them. Or a single tier
architecture.
 
 
Best Regards,
Tarek Amr Abdallah
 
-----Original Message-----
From: cto [mailto:cto () kdds co kr] 
Sent: Wednesday, May 12, 2004 3:10 AM
To: focus-ids () securityfocus com
Subject: Hi, I want to study IPS
 
Hi, 
My name is Kyle and developer.
 
I'm developing a NIPS(Network Intrusion Prevention System).
I wonder what is different between NIDS and NIPS.
Where can I acquire documents or anything that explain NIPS.
Please let me know that.
 
Have a nice day!!!
 
PS: I'm sorry for poor English.
 
 
------------------------------------------------------------------------
---
 
------------------------------------------------------------------------
---
 


---------------------------------------------------------------------------

---------------------------------------------------------------------------