IDS mailing list archives
Re: IPS, alternative solutions
From: "Alex Butcher, ISC/ISYS" <Alex.Butcher () bristol ac uk>
Date: Wed, 15 Sep 2004 16:43:57 +0100
--On 14 September 2004 10:01 +0000 Daniel <deeper () gmail com> wrote:
So far there has been a load of talk discussing which is the better technology. Personally i dont think IPS is ready for the big time. Yeah its great for small mum and dad networks, but for large financial networks with billions of pounds flowing across them, would you trust a technology to think and block what it seems as bad traffic?
Certainly that's a risk with limited-accuracy signatures that are commonplace today.
So what are the alternatives? I'd say more host based protection such as: - Stack protection - Application level firewalls (ModSecurity/SecureIIS)
These two technologies are often included in Host IPS products.
- Host based firewalls
Useful, but won't help in isolation (e.g. user receives a 0-day worm via a email attachment to their hotmail account and runs it; or, loads a malicious JPG image with an application that's vulnerable to MS04-28)
Best Regards, Alex. -- Alex Butcher: Security & Integrity, Personal Computer Systems Group Information Systems and Computing GPG Key ID: F9B27DC9 GPG Fingerprint: D62A DD83 A0B8 D174 49C4 2849 832D 6C72 F9B2 7DC9 -------------------------------------------------------------------------- Test Your IDS Is your IDS deployed correctly? Find out quickly and easily by testing it with real-world attacks from CORE IMPACT. Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708 to learn more. --------------------------------------------------------------------------
Current thread:
- IPS, alternative solutions Daniel (Sep 15)
- Re: IPS, alternative solutions Scott Wimer (Sep 15)
- Re: IPS, alternative solutions Jason (Sep 16)
- Re: IPS, alternative solutions Scott Wimer (Sep 15)
- Re: IPS, alternative solutions Jason Haar (Sep 16)
- Re: IPS, alternative solutions Jason (Sep 16)
- Re: IPS, alternative solutions Alex Butcher, ISC/ISYS (Sep 15)
- Re: IPS, alternative solutions Andy Cuff (Sep 16)
- <Possible follow-ups>
- Re: IPS, alternative solutions Johann_van_Duyn (Sep 15)
- RE: IPS, alternative solutions Palmer, Paul (ISSAtlanta) (Sep 17)
- Re: IPS, alternative solutions Jason (Sep 17)
- RE: IPS, alternative solutions Murtland, Jerry (Sep 17)
- RE: IPS, alternative solutions Cure, Samuel J (Sep 21)
- Re: IPS, alternative solutions Jason (Sep 22)
- Re: IPS, alternative solutions Mike Frantzen (Sep 22)
- Re: IPS, alternative solutions Devdas Bhagat (Sep 27)
- Re: IPS, alternative solutions Thomas Ptacek (Sep 29)
- Re: IPS, alternative solutions Jason (Sep 22)
- Re: IPS, alternative solutions Scott Wimer (Sep 15)