IDS mailing list archives
RE: True definition of Intrusion Prevention
From: "Teicher, Mark (Mark)" <teicher () avaya com>
Date: Sat, 3 Jan 2004 08:28:29 -0700
Actually, it is the cow from "Me, Myself and Irene".. How many times did Jim Carrey shoot the cow ??

I agree with your points, except for your point regarding "Holistic Security". Holistic security has been stated many times in books and statements made by Brent Chapman, Marcus Ranum, Steve Bellovin and Bill Cheswick. Along the way, others discarded the theory for more marketing type hype, SANS Top 20, IDS, HIDS, IPS, etc, etc. But essentially, everyone is talking about the same thing. Holistic security is the theory that drives infosec practitioners to improve security of an enterprise within the confines of the enterprise.

Look at PKI, very straightforward architecture, but yet very few enterprises have fully implemented it. Same can be said for Single Sign On (SSO). How many vendors are in that space?

A quote from Marcus J. Ranum's book "The Myth of Homeland Security": Marcus states, "If you consider the hundreds or thousands of applications and crucial files on a given computer or network, you can imagine that the number of possible combinations for mayhem is literally astronomical." (Available via Amazon..[blatant advertisement here, it is on my recommended book list] :)

Most commercial and open source operating systems and security products contain countless bugs because when the core architecture was written, it was designed to be feature rich (i.e. a slick UI, etc), and offer the customer a few key security features that unless they were really knowledgeable, a majority of the security features were never enabled, since Internet enabled services are designed for availability, and not security.

/cheers
/m

-----Original Message-----
From: Brian Taylor [mailto:drak3 () comcast net]
Sent: Saturday, January 03, 2004 12:11 AM
To: George Capehart; Teicher, Mark (Mark); Gary Flynn
Cc: focus-ids () securityfocus com
Subject: RE: True definition of Intrusion Prevention

Did that dead horse just twitch again?

***Whips out beating stick***

Yes, I believe that most (if not all of us) agree that this discussion/debate over IPS is a bit of marketing mixed in with a dollop of semantics. BUT, building slightly on what George said--IPS (or whatever you choose to call it) is a move in the right direction for InfoSec. The day where you have an IDS that sees everything short of arson, robbery and capital murder but it does not do anything other than DETECT is a short one. We're finally moving to holistic approaches to security that are going beyond the layered model of thinking in some cases.

When I visit my doctor, she may yell at me or put me on a diet due to my poor eating habits. This PREVENTS things like heart disease, diabetes and Doritos poisoning (eat enough of em...it's possible). The old way was to treat the illnesses as they occur. Now, we realize that X causes Y which can lead to Z. We now try to head it off at the pass. So preventative medicine is what I'd like to think that IPS should be. And looking at trends, it is looking like we are headed in that direction. 10 years ago, would the few InfoSec practitioners have mentioned things like policies alongside technology--and given them equal weight??? I doubt it.

Call it what you want. Intrusion Blocking Systems, Intrusion Prevention Systems, whatever. Is it using a synergistic set of technologies, policies and PEOPLE that work as seamlessly as possible to prevent an actual intrusion or compromise of our systems? If we're talking hardware or software, it would not be some egregious crime to call it IPS **as long as it fits that criteria**. Does this firewall work and play well with my IDS to prevent compromise of my network? Whatever one chooses to call it, I believe that should be our aim.

...and I guess that would be my definition as well. I've never been one to be too concerned about labels.

The horse was still kicking slightly when I got here. I promise!

----------------------------------------------------------------------
Brian Taylor
johnthedwarf () ziplip com
"Sure you can get HIV from a mosquito -- if you have unprotected sex with one!"
----------------------------------------------------------------------

-----Original Message-----
From: George Capehart [mailto:gwc () acm org]
Sent: Friday, January 02, 2004 10:57 AM
To: Teicher, Mark (Mark); Gary Flynn
Cc: focus-ids () securityfocus com
Subject: Re: True definition of Intrusion Prevention

On Friday 02 January 2004 09:41 am, Teicher, Mark (Mark) wrote:
<comments within>
<snip>