Firewall Wizards mailing list archives
Re: GIDS, Intrusion Prevention: A Firewall by Any Other Name
From: Barney Wolff <barney () tp databus com>
Date: Mon, 12 Aug 2002 19:53:15 -0400
On Mon, Aug 12, 2002 at 05:09:01PM -0600, Ryan Russell wrote:
> I think a more interesting question is: if GIDS is the new "firewall", then why did firewalls running on top end PCs max at 100mbps or so with just a few dozen rules and terribly simple filtering capabilities... while a GIDS with much more interesting filtering capabilities and a few thousand rules can also do the same? Did PCs just get that much faster? (I think part of the answer has to do with the fact that IDS' are much less concerned with various groups of IP addresses, like inside, outside, DMZ, web_servers, etc...)

I think it has to do with cultural acceptability. A firewall that failed open would be laughed off the market, but an IDS is allowed to miss some attacks, and if your IDS ignores some packets because its queues have overflowed, you'll never know.

--
Barney Wolff
I'm available by contract or FT: http://www.databus.com/bwresume.pdf