IDS mailing list archives

Re: Changes in IDS Companies?

From: "Proxy Administrator" <proxyadmin () rediffmail com>
Date: 31 Oct 2002 16:30:50 -0000

Hi,

I read a lot of messages which say putting an IDS inline wouldconvert it into an Intrusion Prevention System or something tothat effect. This would be true to a certain extent. Putting itinline would make sure that you see all the packets, so youwouldn't miss any attack that it *could* detect. Basically, thesolution that is being propagated here is an IDS which is going totake action by resetting connections, blocking IP addresses etc.Still not an actual IPS.I would think that something like "systrace" qualifies as anIntrusion Prevention solution more than an inline IDS. We setrules as to how a privileged process is supposed to behave andanything out of the ordinary would not be allowed. That seems morelike Intrusion Prevention than the other solutions, which aredetecting intrusions and dropping connections.While "systrace" would in my opinion qualify as a host-basedintrusion prevention system, something similar would be needed toqualify as NIPS.


Regards,

Proxy Administrator

Current thread:

Re: Changes in IDS Companies?, (continued)
- - - Re: Changes in IDS Companies? Aaron Turner (Oct 28)
    - Re: Changes in IDS Companies? Matt Harris (Oct 29)
    - Re: Changes in IDS Companies? Aaron Turner (Oct 29)
    - Re: Changes in IDS Companies? Matt Harris (Oct 31)
    - Re: Changes in IDS Companies? J. Foobar (Oct 31)
- Re: Changes in IDS Companies? Marcus J. Ranum (Oct 26)
- RE: Changes in IDS Companies? Dante Mercurio (Oct 28)
- Re: Changes in IDS Companies? Kevin Jones (Oct 29)
  - Re: Changes in IDS Companies? Martin Roesch (Oct 31)
- RE: Changes in IDS Companies? Ramesh Gupta (Oct 30)
- Re: Changes in IDS Companies? Proxy Administrator (Oct 31)
- RE: Changes in IDS Companies? Mills, Alvin R. (Oct 31)