IDS mailing list archives
Re: IPS technology question.
From: huy tran <ccna1998 () yahoo com>
Date: Wed, 24 Aug 2005 15:42:08 -0700 (PDT)
Hello.

I just recently worked on an IPS project and here is some of the info based on that work. This is kind of a roundabout answer to your question.

I am aware of about 30 major IPS (or IDS claiming to have IPS functionality). For the most part all are PC based. The few major players that are ASIC/FPGA that I remember off the top of my head are: McAfee, TippingPoint, Radware...

Question 1: In my opinion, the % is about 75% CPU based and 25% ASIC/FPGA based. However this is trending toward the ASIC/FPGA to address the throughput requirement.

Question 2: I am not sure if I understand this fully. A firewall for the most part works around layer 3/4 (dealing with IP addresses and ports) whereas an IPS works at the higher layers (dealing with vulnerabilities such as web traffic that is already allowed through the firewall). There are some grey areas where an IPS can do some firewalling (basic filtering) and a firewall can perform deep packet inspection (basic worm/virus detection) but I see them as complementary security devices.

IPS state: IPS is different from the standpoint that it needs to be inline and not passive like IDS, so adoption at businesses is not as brisk. However there are certain workarounds to mitigate those risks. In my opinion I think IPS will dominate because it can actively stop those fast moving worms like nimda, sql slammer, zotob which could render a large enterprise's network in minutes or at the very least give you some breathing room while you leisurely patch your servers.

Good luck.

--- snort user <snort.user () gmail com> wrote:
Greetings.

What percentage of the IPS systems out there do not use co-processors/FPGA etc.? What percentage of the IPS systems depend on firewalls like iptables and ip filter?

I am just trying to get an idea of what the state of the art is in the IPS technology space. Any information is appreciated.

Thanks
------------------------------------------------------------------------
Test Your IDS Is your IDS deployed correctly? Find out quickly and easily by testing it with real-world attacks from CORE IMPACT. Go to
http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708
to learn more.
------------------------------------------------------------------------