Firewall Wizards mailing list archives
GIDS, Intrusion Prevention: A Firewall by Any Other Name
From: Crispin Cowan <crispin () wirex com>
Date: Mon, 12 Aug 2002 07:29:26 -0700
Is anyone besides me sick to death of hearing about "intrusion prevention" and "gateway intrusion detection" technologies? These are devices that sit in-line between the Internet and your LAN, apply intrusion detection pattern matching rules to the content they see streaming in to your site, and block the stuff they deem to be "bad." The canonical example is the Inline SNORT (née Hogwash) open source project.
To me, this is a firewall. It is sitting in exactly the same place in the network topology, performing the same function. It is using new kinds of rules to distinguish "good" traffic from "bad", but it is nonetheless a firewall.
I am *not* criticizing the technology. I really like Hogwash. I don't mean to pick on Hogwash either; it's just more well known than other proprietary "intrusion prevention" technologies (i.e. I've forgotten the other vendors' names :) I think it is a *fine* idea to apply the more conservative, reliable part of IDS techniques to the firewall problem.
I'm just irritated at devices that are fundamentally acting as firewalls being labeled as some other kind of thing. Technology is hard enough for people to understand without confounding the problem by labeling similar devices with different names. So call it a "GIDS Firewall" or a "Signature Firewall" or something. But let's dispose of "intrusion prevention" in the tired hype bit bucket.
"'Intrusion Detection' is what you call it when your security mechanism is so slow, inaccurate, or otherwise broken that you cannot actually use it as an access control policy." -- me :)
Corollary: 'access control' is what you call it when your IDS rules become fast and precise enough to act like a firewall.
What set me off: reading yet another article about In-line SNORT/Hogwash that goes on for paragraphs trying to describe the technology without ever managing to use the word "firewall." Fine technology, confounded description.
Crispin
--
Crispin Cowan, Ph.D.
Chief Scientist, WireX http://wirex.com/~crispin/
Security Hardened Linux Distribution: http://immunix.org
Available for purchase: http://wirex.com/Products/Immunix/purchase.html
_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
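The point of the post, as an added example that is not part of the original message and not code from Snort or Hogwash: a toy signature engine whose content-matching rules are identical in "passive IDS" and "in-line" mode, so that the only difference between the two products is whether a rule hit returns "pass" or "drop". The rule syntax, the packet format, the rule id 9000001 and the sample traffic are all constructed for this illustration.

```python
from dataclasses import dataclass, field
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class Packet:
    """Minimal stand-in for a packet: addressing plus application payload."""
    src: str
    dst: str
    dport: int
    payload: bytes


@dataclass(frozen=True)
class Rule:
    """A Snort-flavoured content rule reduced to port + byte pattern.
    The sid and msg values used below are constructed, not real signature ids."""
    sid: int
    msg: str
    dport: Optional[int]   # None means any destination port
    content: bytes         # pattern that must occur somewhere in the payload


def matches(rule: Rule, pkt: Packet) -> bool:
    """Matching logic is the same whether the engine detects or blocks."""
    if rule.dport is not None and pkt.dport != rule.dport:
        return False
    return rule.content in pkt.payload


@dataclass
class SignatureEngine:
    rules: List[Rule]
    inline: bool                       # False = passive IDS, True = in-line device
    alerts: List[Tuple[int, str]] = field(default_factory=list)

    def process(self, pkt: Packet) -> str:
        """Return the verdict 'pass' or 'drop'; record an alert on any rule hit."""
        for rule in self.rules:
            if matches(rule, pkt):
                self.alerts.append(
                    (rule.sid, f"{rule.msg} {pkt.src}->{pkt.dst}:{pkt.dport}"))
                # This one line is the whole difference between "IDS" and "firewall":
                # the same rule becomes an access control decision when inline is True.
                return "drop" if self.inline else "pass"
        return "pass"


# Constructed rule: flag a parent-directory traversal pattern in HTTP traffic.
RULES = [
    Rule(9000001, "WEB traversal '../..' in request", 80, b"../.."),
]

# Constructed sample traffic: a normal request, a traversal attempt, and a
# legitimate POST whose user-supplied text happens to contain the same pattern.
TRAFFIC = [
    Packet("10.0.0.5", "192.0.2.10", 80, b"GET /index.html HTTP/1.0\r\n\r\n"),
    Packet("10.0.0.5", "192.0.2.10", 80, b"GET /cgi-bin/../../etc/passwd HTTP/1.0\r\n\r\n"),
    Packet("10.0.0.7", "192.0.2.10", 80,
           b"POST /comment HTTP/1.0\r\n\r\nbody=see ../../docs/readme for details"),
]


def run(inline: bool, traffic: List[Packet] = TRAFFIC) -> Tuple[List[str], int]:
    """Run the rule set over the traffic; return per-packet verdicts and alert count."""
    engine = SignatureEngine(RULES, inline)
    verdicts = [engine.process(p) for p in traffic]
    return verdicts, len(engine.alerts)


if __name__ == "__main__":
    for mode in (False, True):
        verdicts, n_alerts = run(mode)
        label = "inline (firewall)" if mode else "passive IDS"
        print(f"{label:18s} verdicts={verdicts} alerts={n_alerts}")
```

Both modes raise the same two alerts. In passive mode the third packet costs an analyst a few minutes to dismiss; in in-line mode the same false positive silently drops a legitimate user's request. That is the practical content of the quote in the post: a rule set is only fit to be promoted from "detection" to "access control" once its precision is high enough that blocking on it does not break the traffic you meant to allow.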
Current thread:
- GIDS, Intrusion Prevention: A Firewall by Any Other Name Crispin Cowan (Aug 12)
- Re: GIDS, Intrusion Prevention: A Firewall by Any Other Name Paul D. Robertson (Aug 12)
- Re: GIDS, Intrusion Prevention: A Firewall by Any Other Name Ryan Russell (Aug 12)
- Re: GIDS, Intrusion Prevention: A Firewall by Any Other Name Frank Knobbe (Aug 12)
- Re: GIDS, Intrusion Prevention: A Firewall by Any Other Name Ryan Russell (Aug 12)
- Re: GIDS, Intrusion Prevention: A Firewall by Any Other Name Barney Wolff (Aug 12)
- Re: GIDS, Intrusion Prevention: A Firewall by Any Other Name Crispin Cowan (Aug 13)
- Re: GIDS, Intrusion Prevention: A Firewall by Any Other Name B. Scott Harroff (Aug 13)
- Re: GIDS, Intrusion Prevention: A Firewall by Any Other Name Frank Knobbe (Aug 12)
- Re: GIDS, Intrusion Prevention: A Firewall by Any Other Name Marcus J. Ranum (Aug 12)
- Re: GIDS, Intrusion Prevention: A Firewall by Any Other Name Crispin Cowan (Aug 13)
- Re: GIDS, Intrusion Prevention: A Firewall by Any Other Name Iván Arce (Aug 13)
(Thread continues...)