Firewall Wizards mailing list archives

RE: Intrusion Prevention Firewall


From: Dave Piscitello <dave () corecom com>
Date: Tue, 02 Apr 2002 09:44:24 -0500

At 01:37 PM 3/30/2002 -0500, StiennonRichard wrote:
> This is a sea change in defensive technologies, folks. It breaks away from
> the more-better-faster IDS camp.

IDS is a testimony to how poorly we have written software and how
lamely we manage systems and networks. We have done such
an amazingly bad job that we've created an entire industry to protect
us from the bad code and bad practices. (I know, I know... making
networks both easy to use and secure...let's not go there...).

Intrusion Prevention isn't a popular notion; it flies in the face of the
"as is" software licenses we all eat daily. Intrusion
Prevention in its most basic form is assuring that code is secure;
e.g., you've prevented buffer overflow attacks because you've eliminated
the very possibility by the thorough analysis of the source before you
offered it to a user/customer. Hardening hosts is also preventative,
it's more like a vaccine than an antibiotic (anti-virus); you've made
your system resistant (immune) to certain attacks. Examples
abound.

Oh, yes, and once you've inoculated a system, it does perform
intrusion rejection. My opinion is that intrusion rejection is evidence
that your code and configuration prevent intrusions.

David M. Piscitello
Core Competence, Inc. &
The Internet Security Conference
3 Myrtle Bank Lane
Hilton Head, SC 29926
dave () corecom com
www.corecom.com
www.tisc2002.com
hhi.corecom.com/~yodave/


_______________________________________________
firewall-wizards mailing list
firewall-wizards () nfr com
http://list.nfr.com/mailman/listinfo/firewall-wizards

