IDS mailing list archives
IPS comparison
From: Rubayat.Zahir () csfb com
Date: 1 Sep 2005 18:40:21 -0000
IPS/IDS can claim all they want on Zero Day exploits. I can assure you its a player's luck. I had client during my Big X career who were saved by ISS on SQL Slammer, and hit hard on Nimda and Code Red. Its really a players luck. All IDS/IPS require full customization to your environment (i.e. Applications, Code, Platforms etc.). Second of all, based on the patterns I have seen, it is truly a variance among vendors (ISS, Enterasys, Cisco, Snort, etc.). Lastly, the best of all IDS's are ones that has the capability to perform attack correlations. Some IPSs are software (e.g. those from Computer Associates, McAfee, Snort) that you run on your own servers (which may be Windows and/or Linux-based), while others are dedicated appliances (including SonicWALL, McAfee, Juniper and Cisco). Your company may have a policy that limits you to one type or the other. To be frank, In many cases, IDS and IPS its the same piece of kit, thats just been re-categorised by the vendors - protection seems an awful lot more marketable than just detection (especially if a detection system just writes an alert to a log file that you only get a chance to look at once a week). ------------------------------------------------------------------------ Test Your IDS Is your IDS deployed correctly? Find out quickly and easily by testing it with real-world attacks from CORE IMPACT. Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708 to learn more. ------------------------------------------------------------------------
Current thread:
- IPS comparison Rubayat . Zahir (Sep 01)
- <Possible follow-ups>
- RE: IPS comparison Joseph Hamm (Sep 02)
- RE: IPS comparison James Williams (Sep 02)
- RE: IPS comparison Zahir, Rubayat (Sep 02)
- Re: IPS comparison Frank Knobbe (Sep 05)
- Re: IPS comparison Adam Powers (Sep 07)
- Re: IPS comparison Sanjay Rawat (Sep 08)
- Re: IPS comparison Frank Knobbe (Sep 09)
- Re: IPS comparison Sanjay Rawat (Sep 12)
- MIT Darpa Dataset, Wilmar SULAIMAN (Sep 19)
- Re: MIT Darpa Dataset, Sanjay Rawat (Sep 21)