Snort mailing list archives

Re: Re: [Snort-devel] IDS vs IPS

From: Jason <security () brvenik com>
Date: Fri, 29 Aug 2003 00:14:16 -0400

I disagree with the statement that firewalls are about policyenforcement. Traditional firewalls are about access control, this accesscontrol can be used for policy enforcement or it can be validation or itcan be any number of other things.

The firewall has evolved and splintered several times. There are packetfiltering firewalls, stateful firewalls, proxy based firewalls, and nowwhat I would call inspection firewalls. Within each segment you haveadditional capabilities.

There is mixing and matching of these capabilities all over the placeand the better players in the market already do all of these functionsto some degree. Policy enforcement is but a little piece of the firewallpicture.

Because of this I still assert that the new IPS is the natural evolutionof these capabilities and that the better suited players are thesoftware based products that are free to adapt without changing hardwareand developing new platforms. Simply put I think it is a lot easier fora software based solution to adapt to the case where the rewardovercomes the risk.

A few of the new vendors were mentioned as being positioned well forthis change, I would ask why then is the positioning for those productsbuy now and you will already have it when it is ready for prime time? Iwould rather spend that capital elsewhere and wait the same amount oftime for my existing firewalls to be ready.


Bob Walder wrote:

One important distinction

Firewalls are about policy enforcement - IDS and IPS are about detection
(as of THIS moment in time)




-------------------------------------------------------
This sf.net email is sponsored by:ThinkGeek
Welcome to geek heaven.
http://thinkgeek.com/sf
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

Current thread:

Re: Re: [Snort-devel] IDS vs IPS, (continued)
- - - Re: Re: [Snort-devel] IDS vs IPS Mark Teicher (Aug 28)
    - Re: Re: [Snort-devel] IDS vs IPS Jeff Nathan (Sep 01)
    - Re: Re: [Snort-devel] IDS vs IPS Mark Teicher (Sep 02)
    - Re: Re: [Snort-devel] IDS vs IPS Jeff Nathan (Aug 30)
    - Re: Re: [Snort-devel] IDS vs IPS Gary Flynn (Sep 02)
    - Re: Re: [Snort-devel] IDS vs IPS Mark Teicher (Sep 02)
    - Re: Re: [Snort-devel] IDS vs IPS Frank Knobbe (Sep 02)
- RE: Re: [Snort-devel] IDS vs IPS Bob Walder (Aug 22)
- RE: Re: [Snort-devel] IDS vs IPS Bob Walder (Aug 28)
  - RE: Re: [Snort-devel] IDS vs IPS Gordon Cunningham (Aug 28)
  - Re: Re: [Snort-devel] IDS vs IPS Jason (Aug 28)
    - RE: Re: [Snort-devel] IDS vs IPS Georges J. Jahchan, Eng. (Aug 29)
  - Re: [Snort-devel] IDS vs IPS Jeff Nathan (Aug 30)
- RE: Re: [Snort-devel] IDS vs IPS Bob Walder (Aug 29)
- RE: Re: [Snort-devel] IDS vs IPS Bob Walder (Aug 29)
- RE: Re: [Snort-devel] IDS vs IPS Bob Walder (Sep 01)
- RE: Re: [Snort-devel] IDS vs IPS Mark Teicher (Sep 02)
- Re: RE: Re: [Snort-devel] IDS vs IPS Mark Teicher (Sep 02)
- RE: Re: [Snort-devel] IDS vs IPS Bob Walder (Sep 02)