IDS mailing list archives

RE: IPS comparison


From: Seek Knowledge <aseeker03 () yahoo com>
Date: Tue, 6 Sep 2005 20:23:52 +0100 (BST)

Actually...  
It is either-or when it comes to being in-line. Why
you ask? 1) Cost and 2) Infrastructure... both of
which I have to fight for. From a cost perspective...
I can deploy IDS without really purchasing anything
new... I recycle some hardware, put on Linux and throw
snort on it and I am good to go. IPS... I don't think
so.

Infrastructure-wise... it's a much easier sell to
deploy passive taps that just copy data than it is to
put an IPS inline which can possibly have a bad effect
on traffic.

I would prefer both... IDS inline with IPS to use as
validation of IPS blocking or to be able to more
adequately create IPS signatures (by taking packet
captures with ethereal or something).

-Hassan

--- Frank Knobbe <frank () knobbe us> wrote:

but I'll take IPS wherever I can get it thank you. If one can't
afford IPS... then I guess going the forensics only route is better
than nothing.

If you can't get apple you take an orange? Remember, these are different
tools. You can very well have an IPS as a filter and an IDS to verify
that the filter works. It's not an either-or situation. Different tools
for a different job.


Cheers,
Frank


-- 
Ciscogate: Shame on Cisco. Double-Shame on ISS.




