IDS mailing list archives
RE: Top IPS vendors - please read for invitation to Network World review.
From: "Rob Shein" <shoten () starpower net>
Date: Mon, 1 Sep 2003 12:22:14 -0400
If you fixate too heavily on "prevention" as the key word, then you could refer to Nessus, or even simple policy documents, as IPS for their role in assessing security to forestall potential intrusions. The point here is that unlike a firewall, an IPS is an active device. For example, hogwash as used in a later-generation honeynet alters packets of certain types that pass through it. If it sees shellcode that references "/bin/sh" it changes one byte and the end result is a reference to "/ben/sh," which of course does not exist. In this way, it takes the technology of an IDS (attack detection) and goes one very significant step further to actually foil the attack. While I feel that the technology is not quite ready for prime-time just yet, it is far from just being a marketing term, and certainly does something that has not previously been done.
-----Original Message----- From: William Bradd [mailto:wbradd () comcast net] Sent: Thursday, August 28, 2003 7:58 PM To: focus-ids () securityfocus com Subject: RE: Top IPS vendors - please read for invitation to Network World review. Isn't that what a firewall does? Switch in terms is more a switch in marketing as an attempt to differentiate products. There is more to a product then a name or buzz word. -----Original Message----- From: Zach Forsyth [mailto:Zach.Forsyth () kiandra com] Sent: Thursday, August 28, 2003 12:36 AM To: Mark Teicher; Paul Schmehl; focus-ids () securityfocus com; seth.knox () sygate com Subject: RE: Top IPS vendors - please read for invitation to Network World review.-----Original Message----- From: Mark Teicher [mailto:mht3 () earthlink net] Sent: Wednesday, 27 August 2003 22:30 PM To: Paul Schmehl; focus-ids () securityfocus com; seth.knox () sygate com Subject: Re: Top IPS vendors - please read for invitation to NetworkWorld review.The real question I have is what defines an IPS productversus an IDS.. IDSis obvious, but IPS, it is a very tough definitionIntrusion DETECTION system Intrusion PREVENTION system Seems fairly fundamental to me...I think I know what you are trying to say though, keep referring back to the word prevention :) -------------------------------------------------------------- ------------- Attend Black Hat Briefings & Training Federal, September 29-30 (Training), October 1-2 (Briefings) in Tysons Corner, VA; the worldBs premier technical IT security event. Modeled after the famous Black Hat event in Las Vegas! 6 tracks, 12 training sessions, top speakers and sponsors. Symanetc is the Diamond sponsor. Early-bird registration ends September 6 Visit: www.blackhat.com -------------------------------------------------------------- ------------- -------------------------------------------------------------- ------------- Attend Black Hat Briefings & Training Federal, September 29-30 (Training), October 1-2 (Briefings) in Tysons Corner, VA; the worldÂs premier technical IT security event. Modeled after the famous Black Hat event in Las Vegas! 6 tracks, 12 training sessions, top speakers and sponsors. Symanetc is the Diamond sponsor. Early-bird registration ends September 6 Visit: www.blackhat.com -------------------------------------------------------------- -------------
--------------------------------------------------------------------------- Attend Black Hat Briefings & Training Federal, September 29-30 (Training), October 1-2 (Briefings) in Tysons Corner, VA; the worldÂs premier technical IT security event. Modeled after the famous Black Hat event in Las Vegas! 6 tracks, 12 training sessions, top speakers and sponsors. Symanetc is the Diamond sponsor. Early-bird registration ends September 6 Visit: www.blackhat.com ---------------------------------------------------------------------------
Current thread:
- RE: Top IPS vendors - please read for invitation to Network World review. Rob Shein (Sep 05)
- <Possible follow-ups>
- Re: Top IPS vendors - please read for invitation to Network World review. Scott Wimer (Sep 05)
- RE: Top IPS vendors - please read for invitation to Network World review. Schmehl, Paul L (Sep 05)
- RE: Top IPS vendors - please read for invitation to Network World review. Daniel Cid (Sep 05)