IDS mailing list archives
RE: Alarm response strategies
From: Richard Bejtlich <taosecurity () gmail com>
Date: Tue, 27 Jul 2004 16:28:56 -0400
Rob Shein wrote: "What I do see happening is for IPS and IDS to converge to some degree, so that we can have the larger alert capability of an IDS combined with the proactive (couldn't think of a better word to offset reactive...just plain active, perhaps?) capability of an inline IPS." -- If I could have one wish granted, it would be for the IPS to be recognized as a layer 7 firewall, and not compared to an IDS. If there's convergence ahead (and I agree with you that there is), let's see the IPS merge into the access control device known as the firewall. I want my network audit device to perform no access control at all, unless in absolutely dire emergencies. We already see "convergence" multipurpose boxes that are switches/routers/VPN concentrators/firewalls/wireless gateways/anti-virus/IDS/etc., but this is more for small shops in my opinion. Conceptually speaking an IPS is an access control device and an IDS is a network audit device. Sincerely, Richard http://www.taosecurity.com -------------------------------------------------------------------------- Test Your IDS Is your IDS deployed correctly? Find out quickly and easily by testing it with real-world attacks from CORE IMPACT. Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708 to learn more. --------------------------------------------------------------------------
Current thread:
- Alarm response strategies (infor) urko zurutuza (Jul 25)
- RE: Alarm response strategies Rob Shein (Jul 26)
- Re: Alarm response strategies David W. Goodrum (Jul 27)
- Re: Alarm response strategies Tony Carter (Jul 27)
- RE: Alarm response strategies Frank Knobbe (Jul 27)
- RE: Alarm response strategies Rob Shein (Jul 27)
- Re: Alarm response strategies David W. Goodrum (Jul 28)
- RE: Alarm response strategies Frank Knobbe (Jul 28)
- RE: Alarm response strategies Rob Shein (Jul 26)
- <Possible follow-ups>
- RE: Alarm response strategies Joshua Berry (Jul 27)
- RE: Alarm response strategies Richard Bejtlich (Jul 28)
- RE: Alarm response strategies Joshua Berry (Jul 28)