IDS mailing list archives
True definition of Intrusion Prevention
From: "Teicher, Mark (Mark)" <teicher () avaya com>
Date: Sun, 28 Dec 2003 09:44:54 -0700
Again, I am broaching the subject of what is the true definition of Intrusion Prevention. Can someone on the list please enlighten me? It appears the definition of IPS has yet been re-formed by various market analysts and some vendors. Normalization and anomaly detection are not "Intrusion Prevention".

What is the difference between Intrusion Detection and Intrusion Prevention at the high level? Then at the granular level, Network Intrusion Prevention versus Network Intrusion Detection, Host Intrusion Prevention, Host Intrusion Detection?

Some vendors have mentioned the use of "black list" vs "white list". This appears a bit more subjective, and less effective in most enterprises, since this would require application network traffic analysis, and researching all the little .dlls that are associated with various applications in order to derive an effective "black list" versus "white list" policy.

This then brings me to another point, host integrity checking. This technology makes no sense; all it is is a simple check for running a certain application, patch level, or AV engine. There are various vendors out there that offer AV/Patch management solutions that offer an enhanced feature set than just a check for a registry.

*points to ponder*

/mark