IDS mailing list archives
Re: IPS, alternative solutions
From: Johann_van_Duyn () bat com
Date: Wed, 15 Sep 2004 17:17:50 +0200
Good point regarding the host based protection. Patrick Evans, MEA Manager for Symantec, once shared Symantec's view on intrusion prevention, and, in short, it goes something like this: IPS is more than just inline or "active" IDS: it is a combination of technologies, people and processes that ensure that machines and the applications running on them are resistant to, able to recognize and able to recover from attack (anyone read Carnegie-Mellon's Survivable Systems Analysis papers lately... it's been around a while, but it's good stuff, and that's what I call real intrusion prevention). This means a combination of good practices, config and dev standards, gateway security, network security, host security and application security measures and measuring/auditing capabilities. It's not a popular notion, though... the marketing types don't find it as sexy telling you to get your act together and do things the right way as they do telling you that they have one box that solves all your security problems. Using IPS is cool, but only if you're using it as a small cog in a larger security machine that makes sense as a complete protective system. Just my R0.02. :-) -------------------------------------------------------- J o h a n n v a n D u y n -------------------------------------------------------- Daniel <deeper () gmail com> 14-09-2004 12:01 To: focus-ids () securityfocus com cc: Subject: IPS, alternative solutions So far there has been a load of talk discussing which is the better technology. Personally i dont think IPS is ready for the big time. Yeah its great for small mum and dad networks, but for large financial networks with billions of pounds flowing across them, would you trust a technology to think and block what it seems as bad traffic? So what are the alternatives? I'd say more host based protection such as: - Stack protection - Application level firewalls (ModSecurity/SecureIIS) - Host based firewalls I'm interested to see what everyone else feels are alternatives to IPS ______________________________________________________________________ Confidentiality Notice: The information in this document and attachments is confidential and may also be legally privileged. It is intended only for the use of the named recipient. Internet communications are not secure and therefore British American Tobacco does not accept legal responsibility for the contents of this message. If you are not the intended recipient, please notify us immediately and then delete this document. Do not disclose the contents of this document to any other person, nor take any copies. Violation of this notice may be unlawful. ______________________________________________________________________ -------------------------------------------------------------------------- Test Your IDS Is your IDS deployed correctly? Find out quickly and easily by testing it with real-world attacks from CORE IMPACT. Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708 to learn more. --------------------------------------------------------------------------
Current thread:
- IPS, alternative solutions Daniel (Sep 15)
- Re: IPS, alternative solutions Scott Wimer (Sep 15)
- Re: IPS, alternative solutions Jason (Sep 16)
- Re: IPS, alternative solutions Scott Wimer (Sep 15)
- Re: IPS, alternative solutions Jason Haar (Sep 16)
- Re: IPS, alternative solutions Jason (Sep 16)
- Re: IPS, alternative solutions Alex Butcher, ISC/ISYS (Sep 15)
- Re: IPS, alternative solutions Andy Cuff (Sep 16)
- <Possible follow-ups>
- Re: IPS, alternative solutions Johann_van_Duyn (Sep 15)
- RE: IPS, alternative solutions Palmer, Paul (ISSAtlanta) (Sep 17)
- Re: IPS, alternative solutions Jason (Sep 17)
- RE: IPS, alternative solutions Murtland, Jerry (Sep 17)
- RE: IPS, alternative solutions Cure, Samuel J (Sep 21)
- Re: IPS, alternative solutions Jason (Sep 22)
- Re: IPS, alternative solutions Mike Frantzen (Sep 22)
- Re: IPS, alternative solutions Devdas Bhagat (Sep 27)
- Re: IPS, alternative solutions Thomas Ptacek (Sep 29)
- Re: IPS, alternative solutions Kyle Maxwell (Sep 23)
- Message not available
- Re: IPS, alternative solutions Jason (Sep 26)
- Re: IPS, alternative solutions Jason (Sep 22)
- Re: IPS, alternative solutions Scott Wimer (Sep 15)