RE: Top IPS vendors - please read for invitation to Network World review.

["Rob Shein" <shoten () starpower net>]

If you fixate too heavily on "prevention" as the key word, then you could
refer to Nessus, or even simple policy documents, as IPS for their role in
assessing security to forestall potential intrusions.  The point here is
that unlike a firewall, an IPS is an active device.  For example, hogwash as
used in a later-generation honeynet alters packets of certain types that
pass through it.  If it sees shellcode that references "/bin/sh" it changes
one byte and the end result is a reference to "/ben/sh," which of course
does not exist.  In this way, it takes the technology of an IDS (attack
detection) and goes one very significant step further to actually foil the
attack.  While I feel that the technology is not quite ready for prime-time
just yet, it is far from just being a marketing term, and certainly does
something that has not previously been done.

> -----Original Message-----
> From: William Bradd [mailto:wbradd () comcast net] 
> Sent: Thursday, August 28, 2003 7:58 PM
> To: focus-ids () securityfocus com
> Subject: RE: Top IPS vendors - please read for invitation to 
> Network World review.
>
>
> Isn't that what a firewall does?
>
> Switch in terms is more a switch in marketing as an attempt 
> to differentiate products.
>
> There is more to a product then a name or buzz word.
>
> -----Original Message-----
> From: Zach Forsyth [mailto:Zach.Forsyth () kiandra com]
> Sent: Thursday, August 28, 2003 12:36 AM
> To: Mark Teicher; Paul Schmehl; focus-ids () securityfocus com; 
> seth.knox () sygate com
> Subject: RE: Top IPS vendors - please read for invitation to 
> Network World review.
>
>
> > -----Original Message-----
> > From: Mark Teicher [mailto:mht3 () earthlink net]
> > Sent: Wednesday, 27 August 2003 22:30 PM
> > To: Paul Schmehl; focus-ids () securityfocus com; seth.knox () sygate com
> > Subject: Re: Top IPS vendors - please read for invitation to Network
> World review.
> > The real question I have is what defines an IPS product 
> versus an IDS..
> IDS
> > is obvious, but IPS, it is a very tough definition
>
> Intrusion DETECTION system
>
> Intrusion PREVENTION system
>
> Seems fairly fundamental to me...I think I know what you are 
> trying to say though, keep referring back to the word prevention :)
>
>
>
> --------------------------------------------------------------
> -------------
> Attend Black Hat Briefings & Training Federal, September 
> 29-30 (Training), October 1-2 (Briefings) in Tysons Corner, 
> VA; the worldBs premier technical IT security event.  
> Modeled after the famous Black Hat event in Las Vegas! 6 
> tracks, 12 training sessions, top speakers and sponsors. 
> Symanetc is the Diamond sponsor.  Early-bird registration 
> ends September 6
> Visit: www.blackhat.com
> --------------------------------------------------------------
> -------------
>
>
>
>
> --------------------------------------------------------------
> -------------
> Attend Black Hat Briefings & Training Federal, September 
> 29-30 (Training), October 1-2 (Briefings) in Tysons Corner, 
> VA; the world’s premier 
> technical IT security event.  Modeled after the famous Black 
> Hat event in 
> Las Vegas! 6 tracks, 12 training sessions, top speakers and 
> sponsors.  
> Symanetc is the Diamond sponsor.  Early-bird registration 
> ends September 6 Visit: www.blackhat.com
> --------------------------------------------------------------
> -------------


---------------------------------------------------------------------------
Attend Black Hat Briefings & Training Federal, September 29-30 (Training), October 1-2 (Briefings) in Tysons Corner, 
VA; the world’s premier
technical IT security event.  Modeled after the famous Black Hat event in
Las Vegas! 6 tracks, 12 training sessions, top speakers and sponsors.
Symanetc is the Diamond sponsor.  Early-bird registration ends September 6 Visit: www.blackhat.com
---------------------------------------------------------------------------