IDS mailing list archives

RE: IPS comparison

From: Frank Knobbe <frank () knobbe us>
Date: Sat, 03 Sep 2005 02:06:45 -0500

On Tue, 2005-08-30 at 23:58 +0100, Seek Knowledge wrote:

IMHO comparing pure play havior detection to IPS is
like comparing apples and oranges.


Of course. IPSes are access control devices (filtering bad traffic)
while IDSes are validation devices that alert when invalid/abnormal
traffic is present.

 but I'll take IPS wherever I can
get it thank you. If one can't afford IPS... then I
guess going the forensics only route is better than
nothing.


If you can't get apple you take an orange? Remember, these are different
tools. You can very well have an IPS as a filter and an IDS to verify
that the filter works. It's not an either-or situation. Different tools
for a different job.


Cheers,
Frank


-- 
Ciscogate: Shame on Cisco. Double-Shame on ISS.

Attachment: signature.asc
Description: This is a digitally signed message part

Current thread:

RE: IPS comparison, (continued)
- RE: IPS comparison Joseph Hamm (Sep 02)
- RE: IPS comparison James Williams (Sep 02)
- RE: IPS comparison Zahir, Rubayat (Sep 02)
- Re: IPS comparison Frank Knobbe (Sep 05)
  - Re: IPS comparison Adam Powers (Sep 07)
  - Re: IPS comparison Sanjay Rawat (Sep 08)
    - Re: IPS comparison Frank Knobbe (Sep 09)
    - Re: IPS comparison Sanjay Rawat (Sep 12)
    - MIT Darpa Dataset, Wilmar SULAIMAN (Sep 19)
    - Re: MIT Darpa Dataset, Sanjay Rawat (Sep 21)
- RE: IPS comparison Frank Knobbe (Sep 05)
  - RE: IPS comparison Seek Knowledge (Sep 07)
    - RE: IPS comparison Frank Knobbe (Sep 08)
- Re: RE: IPS comparison gmail (Sep 14)