IDS mailing list archives
RE: True definition of Intrusion Prevention
From: "Brian Taylor" <drak3 () comcast net>
Date: Sat, 3 Jan 2004 02:10:31 -0500
Did that dead horse just twitch again? ***Whips out beating stick***

Yes, I believe that most (if not all of us) agree that this discussion/debate over IPS is a bit of marketing mixed in with a dollop of semantics. BUT, building slightly on what George said--IPS (or whatever you choose to call it) is a move in the right direction for InfoSec. The day where you have an IDS that sees everything short of arson, robbery and capital murder but it does not do anything other than DETECT is a short one. We're finally moving to holistic approaches to security that are going beyond the layered model of thinking in some cases.

When I visit my doctor, she may yell at me or put me on a diet due to my poor eating habits. This PREVENTS things like heart disease, diabetes and Doritos poisoning (eat enough of em...it's possible). The old way was to treat the illnesses as they occur. Now, we realize that X causes Y which can lead to Z. We now try to head it off at the pass. So preventative medicine is what I'd like to think that IPS should be. And looking at trends, it is looking like we are headed in that direction. 10 years ago, would the few InfoSec practitioners have mentioned things like policies alongside technology--and given them equal weight??? I doubt it.

Call it what you want. Intrusion Blocking Systems, Intrusion Prevention Systems, whatever. Is it using a synergistic set of technologies, policies and PEOPLE that work as seamlessly as possible to prevent an actual intrusion or compromise of our systems? If we're talking hardware or software, it would not be some egregious crime to call it IPS **as long as it fits that criteria**. Does this firewall work and play well with my IDS to prevent compromise of my network? Whatever one chooses to call it, I believe that should be our aim.

...and I guess that would be my definition as well. I've never been one to be too concerned about labels.

The horse was still kicking slightly when I got here. I promise!
----------------------------------------------------------------------
Brian Taylor
johnthedwarf () ziplip com
"Sure you can get HIV from a mosquito -- if you have unprotected sex with one!"
----------------------------------------------------------------------

-----Original Message-----
From: George Capehart [mailto:gwc () acm org]
Sent: Friday, January 02, 2004 10:57 AM
To: Teicher, Mark (Mark); Gary Flynn
Cc: focus-ids () securityfocus com
Subject: Re: True definition of Intrusion Prevention

On Friday 02 January 2004 09:41 am, Teicher, Mark (Mark) wrote:
<comments within>
<snip>