Re: AW: General term for Gateway IDS, IDP, IPS ...

[stefmit <stefmit () comcast net>]

IMHO: Yes and no - *inline* implies *something in-between*, while some 
I(ntrusion)P(revention)S(ystems) may just passively "watch" traffic "sitting 
on a stick", learning from the behavioral pattern of traffic they "see" 
passing by (base-line - if you will), then act appropriately when that 
pattern is identified as "out-of-<include_your_rules_here>boundaries". In 
other words I would see inline-IDS belonging (not equivalent!) to the family 
of IPS.

Now - coming back to the original question: the *gateway IDS* is (IMHO, again 
- and I fully agree with you, here) what you would call inline-IDS (i.e. a 
"sort-of" IPS), because it assumes traffic flowing *through* it (thus 
*inline*), and acting upon it (thus the prevention part, vs. the more passive 
detection-only, as the regular IDS would do).

Does this even make sense?!? ;)

Stef

On Thursday 05 June 2003 01:56 am, Liesen, Detmar (LDS) wrote:
> Although people call their products "Intrusion Prevention Systems" this is
> a misleading term.
<snip>
> So a general term for this kind of systems could be the term In-Line-IDS,
<snip>
> -----Ursprungliche Nachricht-----
> Von: Masamichi Tateoka [mailto:tateoka () yasai forus or jp]
> Gesendet: Mittwoch, 4. Juni 2003 16:54
> An: focus-ids () securityfocus com
> Betreff: General term for Gateway IDS, IDP, IPS ...
>
>
> Hi,
>
> I'd like to know the general term for Gateway IDS, IDP, IPS ...
>
> Last year, it was discussed about Gateway IDS
> - the device that work like a firewall but additionally can block packets
> after an correlation with IDS signatures - on this ML.
>
> Now, there are some commercial products, NetScreen NetScreen-IDP,
> Symantec Symantec Gateway Security,TopLayer Attack Mitigator IPS,
> and Sanctum AppShield.
> Actually I also made MAGNIA2000Ri/Anti-Hacker for Toshiba Corp.
> ( http://cn.toshiba.co.jp/prod/iaserver/magnia/2000ri/anti/index.htm
> Sorry Japanese page only.)
>
> I'd like to know the general term for these device.
> Now I explain my product like this,
> "The device for protect Web Server from the attack
> that we can't protect by firewall." ( Too long!!  X-( )
>
> I know NetScreen call their products "Intrusion Detectsion
> and Prevention solution."
> And also TopLayer call their products
> "Intrusion Prevention Solutions."
> But It seems there terms are not so common.
>
> Any suggestion is welcome.
>
> Thank you.
>
>                                   Masamichi Tateoka
>                                   ( tateoka () yasai forus or jp )
>
> ---------------------------------------------------------------------------
> ---- INTRUSION PREVENTION: READY FOR PRIME TIME?
>
> IntruShield now offers unprecedented Intrusion IntelligenceTM capabilities
> - including intrusion identification, relevancy, direction, impact and
> analysis - enabling a path to prevention.
>
> Download the latest white paper "Intrusion Prevention: Myths, Challenges,
> and Requirements" at:
> http://www.securityfocus.com/IntruVert-focus-ids2
> ---------------------------------------------------------------------------
> ----
>
>
>
> ---------------------------------------------------------------------------
> ---- INTRUSION PREVENTION: READY FOR PRIME TIME?
>
> IntruShield now offers unprecedented Intrusion IntelligenceTM capabilities
> - including intrusion identification, relevancy, direction, impact and
> analysis - enabling a path to prevention.
>
> Download the latest white paper "Intrusion Prevention: Myths, Challenges,
> and Requirements" at: http://www.securityfocus.com/IntruVert-focus-ids2
> ---------------------------------------------------------------------------
> ----


-------------------------------------------------------------------------------
INTRUSION PREVENTION: READY FOR PRIME TIME?

IntruShield now offers unprecedented Intrusion IntelligenceTM capabilities 
- including intrusion identification, relevancy, direction, impact and analysis 
- enabling a path to prevention.

Download the latest white paper "Intrusion Prevention: Myths, Challenges, and Requirements" at: 
http://www.securityfocus.com/IntruVert-focus-ids2
-------------------------------------------------------------------------------