Firewall Wizards mailing list archives

Corporate H/N IPS

From: "Talisker" <talisker () networkintrusion co uk>
Date: Tue, 10 Dec 2002 10:09:39 -0000

Hi
It's that time when I need to seriously look at updating the site.
http://www.networkintrusion.co.uk
Two new categories will be Host and Network Intrusion Prevention Systems, or
to be more precise Corporate IPS.

Firstly the definitions; by Corporate I mean that they can be managed
remotely and they will report into a central console ie not just the local
host.

Intrusion Prevention System (IPS).     More proactive than the traditional
IDS, they actively block traffic deemed as malicious, almost like a firewall
but using IDS techniques to block an attack.

Host IPS.     A HIPS will block an attack aimed at the Host upon which it is
situated, previous names for a HIPS have included Network Node IDS (NNIDS)
or personal firewall.  To quote nss
"It binds closely with the operating system kernel and services, monitoring
and intercepting system calls to the kernel or APIs in order to prevent
attacks".
A HIPS should not to be confused with a HIDS which looks at the host Event
or Sys logs, though many HIPS incorporate HIDS and File Integrity Checking.
examples of HIPS are: Entercept and Intrusion's SHS (Stormwatch)

Network IPS.       What used to be called an inline IDS, it's an IDS with 2
interfaces, it will block those packets that trigger the criteria laid down
by the IDS. examples TippingPoint UnityOne and RealSecure Guard

I'm hoping to get the pages up with a general overhaul over Christmas, my
real job is keeping me too busy these days, so many incidents, so little
time!

I'm looking for a good starting place and therefore looking for lists
containing HIPS and NIPS to start me off on the research, in return I will
collate all the information and feed a summary back into the list.

Bibliography:  NSS http://www.nss.co.uk who have just published a review on
gigabit IDS

Taliskers Network Security Tools
http://www.networkintrusion.co.uk

_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards

Current thread:

Corporate H/N IPS Talisker (Dec 13)
- Re: Corporate H/N IPS Crispin Cowan (Dec 13)
  - Re: Corporate H/N IPS Carson Gaspar (Dec 14)
  - Re: Corporate H/N IPS Talisker (Dec 14)
    - Re: Corporate H/N IPS Crispin Cowan (Dec 14)
    - Re: Corporate H/N IPS Fritz Ames (Dec 15)
    - RE: Corporate H/N IPS Bill Royds (Dec 15)
    - RE: Corporate H/N IPS David Lang (Dec 16)
    - Message not available
    - RE: Corporate H/N IPS Marcus J. Ranum (Dec 17)
- <Possible follow-ups>
- Re: Corporate H/N IPS Chris Boscolo (Dec 16)
  - Re: Corporate H/N IPS Marcus J. Ranum (Dec 17)