IDS mailing list archives
RE: Hi, I want to study IPS
From: "Ingevaldson, Dan (ISS Atlanta)" <dsi () iss net>
Date: Fri, 14 May 2004 15:04:20 -0400
Of course it is true that there are no laws that govern what product should fall into which bucket. Being an employee of ISS, I can assure you that ISS RealSecure Network is not marketed or sold as an IPS, but an IDS. RealSecure (a passive IDS) has the ability to drop connections via TCP RSTs just like many other IDSs, but this is an obvious limitation of the technology. TCP RSTs are not effective at blocking single-packet attacks, and obviously cannot block anything that isn't TCP-based. IDS technology was not designed to block attacks, and therefore isn't very good at it. It is however very good at monitoring segments for malicious traffic.

The ISS Proventia product line is based upon RealSecure IDS technology that is deployed on an "inline" appliance. The acid-test for a network IPS is if the box is inline or not. Inline devices can kill connections, drop packets, or even rewrite packets on the fly no matter what type or protocol.

In my opinion, there isn't a lot of confusion out there about what a network-based IPS really is. Host-based IPS is a different matter entirely.

------------------
Daniel Ingevaldson
Director, X-Force R&D/PSS
dsi () iss net
404-236-3160
Internet Security Systems, Inc.
Ahead of the Threat
http://www.iss.net

-----Original Message-----
From: Velasquez Venegas Jaime Omar [mailto:jaime () ulima edu pe]
Sent: Thursday, May 13, 2004 2:46 PM
To: focus-ids () securityfocus com
Subject: RE: Hi, I want to study IPS

Back when I recently was exposed to the IPS term, I tried to understand it and hardly put it in a well-structured category of IDS. When I got into the details of what each one does, then I could find out that there is no unique definition for such a term. Every vendor will take the best part of other similar technologies and will call it whatever it wants to call it.

ISS RealSecure can be defined as just an IPS or an IDS even if it has the ability to drop/reset TCP connections?

Yes and No. I mean, by dropping/resetting a connection it is not being a simple sniffer, it is taking an action indeed.

Now, I try to stick to that IPS definition that says that an IPS is: an Inline Security Device which not only sniffs traffic as much as it can but the WHOLE traffic goes through it. It is able to do some action based on an Intrusion Engine (Behaviour/Signature Analysis).

Jaime Velasquez

-----Original Message-----
From: Shawn [mailto:wjveno () shaw ca]
Sent: Thursday, May 13, 2004 00:29
To: 'cto'
Cc: focus-ids () securityfocus com
Subject: RE: Hi, I want to study IPS

IDS and IPS are using the same tools and same abilities. They are actually the same. IPS came out as a "catch phrase" as a "different" solution than IDS. Please refer to the recent posting from "Frank Knobbe" and "Jason" as a reference.

Don't get fooled in terminology and remember there is no "one" solution. Many of us use 4 or 5 types of systems to pull everything together into an IDS solution.

Best of luck with your task.

HAGO.

Wil Veno
wjveno () shaw ca
shawn () whitehats ca

-----Original Message-----
From: cto [mailto:cto () kdds co kr]
Sent: Tuesday, May 11, 2004 7:10 PM
To: focus-ids () securityfocus com
Subject: Hi, I want to study IPS

Hi,

My name is Kyle and developer. I'm developing a NIPS (Network Intrusion Prevention System). I wonder what is different between NIDS and NIPS. Where can I acquire documents or anything that explain NIPS. Please let me know that.

Have a nice day!!!

PS: I'm sorry for poor English.
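The passive-versus-inline distinction drawn in the top reply of this thread, as an added example that is not part of any poster's message: a toy model of which packets reach a protected host when a sensor can only answer with a TCP RST versus when it sits inline. The packet labels, the `delivered` function and the traffic are constructed for illustration, and the passive case assumes the RST always arrives before the next segment (the best case for a passive sensor).

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    pid: str        # label for this constructed packet
    proto: str      # "tcp" or "udp"
    flow: str       # connection / flow identifier
    matches: bool   # True if the detection engine flags this packet


# Constructed sample traffic in arrival order (not a real capture).
TRAFFIC = [
    Packet("udp-1", "udp", "A", True),    # single-packet, non-TCP attack
    Packet("tcp-b1", "tcp", "B", True),   # single-packet TCP attack
    Packet("tcp-c1", "tcp", "C", True),   # first segment of a longer attack
    Packet("tcp-c2", "tcp", "C", False),  # follow-up on the flagged flow
    Packet("tcp-d1", "tcp", "D", False),  # benign traffic
]


def delivered(mode, traffic):
    """Return the pids that reach the protected host.

    mode "passive": the sensor sees a copy of each packet; its only
                    response is a TCP RST sent after the fact.
    mode "inline":  every packet must pass through the device first.
    """
    killed = set()   # flows already reset or blocked
    out = []
    for p in traffic:
        if p.flow in killed:
            continue                      # connection already torn down
        if mode == "inline":
            if p.matches:
                killed.add(p.flow)        # drop packet, block rest of flow
                continue
            out.append(p.pid)
        else:
            out.append(p.pid)             # original packet already delivered
            if p.matches and p.proto == "tcp":
                killed.add(p.flow)        # RST only stops later segments
    return out


if __name__ == "__main__":
    for mode in ("passive", "inline"):
        print(mode, delivered(mode, TRAFFIC))
```

In the passive run every flagged packet still arrives, and only the later segment of flow C is stopped; in the inline run only the benign packet gets through.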
Current thread:
- RE: Hi, I want to study IPS, (continued)
- RE: Hi, I want to study IPS Arun Vishwanathan (May 12)
- RE: Hi, I want to study IPS Arun Vishwanathan (May 12)
- RE: Hi, I want to study IPS Josh Mills (May 12)
- RE: Hi, I want to study IPS (infor) urko zurutuza (May 13)
- RE: Hi, I want to study IPS Velasquez Venegas Jaime Omar (May 13)
- Re: Hi, I want to study IPS Greg Martin (May 14)
- RE: Hi, I want to study IPS Omar Herrera (May 16)
- Re: Hi, I want to study IPS Raistlin (May 22)
- Re: Hi, I want to study IPS Greg Martin (May 25)
- Re: Hi, I want to study IPS Stefano Zanero (May 25)
- RE: Hi, I want to study IPS Ingevaldson, Dan (ISS Atlanta) (May 14)
- RE: Hi, I want to study IPS Runion Mark A FGA DOIM WEBMASTER(ctr) (May 25)
- Re: Hi, I want to study IPS Ali Rajput (May 26)
- Testing IDS/IPS Signatures Securecatalyst (May 28)
- Re: Testing IDS/IPS Signatures Andrea Barisani (May 28)
- Re: Testing IDS/IPS Signatures Ron Gula (May 28)
- Re: Testing IDS/IPS Signatures ravivsn (May 31)
- Re: Hi, I want to study IPS Ali Rajput (May 26)