Snort mailing list archives
Re: Re: [Snort-devel] IDS vs IPS
From: Jason <security () brvenik com>
Date: Fri, 29 Aug 2003 00:14:16 -0400
I disagree with the statement that firewalls are about policy enforcement. Traditional firewalls are about access control, this access control can be used for policy enforcement or it can be validation or it can be any number of other things.
The firewall has evolved and splintered several times. There are packet filtering firewalls, stateful firewalls, proxy based firewalls, and now what I would call inspection firewalls. Within each segment you have additional capabilities.
There is mixing and matching of these capabilities all over the place and the better players in the market already do all of these functions to some degree. Policy enforcement is but a little piece of the firewall picture.
Because of this I still assert that the new IPS is the natural evolution of these capabilities and that the better suited players are the software based products that are free to adapt without changing hardware and developing new platforms. Simply put I think it is a lot easier for a software based solution to adapt to the case where the reward overcomes the risk.
A few of the new vendors were mentioned as being positioned well for this change, I would ask why then is the positioning for those products buy now and you will already have it when it is ready for prime time? I would rather spend that capital elsewhere and wait the same amount of time for my existing firewalls to be ready.
Bob Walder wrote:
One important distinction Firewalls are about policy enforcement - IDS and IPS are about detection (as of THIS moment in time)
------------------------------------------------------- This sf.net email is sponsored by:ThinkGeek Welcome to geek heaven. http://thinkgeek.com/sf _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- Re: Re: [Snort-devel] IDS vs IPS, (continued)
- Re: Re: [Snort-devel] IDS vs IPS Mark Teicher (Aug 28)
- Re: Re: [Snort-devel] IDS vs IPS Jeff Nathan (Sep 01)
- Re: Re: [Snort-devel] IDS vs IPS Mark Teicher (Sep 02)
- Re: Re: [Snort-devel] IDS vs IPS Jeff Nathan (Aug 30)
- Re: Re: [Snort-devel] IDS vs IPS Gary Flynn (Sep 02)
- Re: Re: [Snort-devel] IDS vs IPS Mark Teicher (Sep 02)
- Re: Re: [Snort-devel] IDS vs IPS Frank Knobbe (Sep 02)
- RE: Re: [Snort-devel] IDS vs IPS Gordon Cunningham (Aug 28)
- Re: Re: [Snort-devel] IDS vs IPS Jason (Aug 28)
- RE: Re: [Snort-devel] IDS vs IPS Georges J. Jahchan, Eng. (Aug 29)
- Re: [Snort-devel] IDS vs IPS Jeff Nathan (Aug 30)