IDS mailing list archives
Re: RE: RE: IDS vs. IPS deployment feedback
From: xris375 () gmail com
Date: 29 Mar 2006 16:28:34 -0000
The title of the discussion is IDS vs. IPS deployment feedback. Both IDS and IPS are neither stronger nor weaker than the rules that control them. As far as I know you could run the same type of rules (signature and/or anomaly based) on an IDS as on an IPS. Thus an IDS could detect any network or host activity as well as an IPS could. The main difference is in what you do with the information. I would rather have an experienced analyst implementing the security policy than a machine.

Most of the IDSes have implemented ways to stop traffic through the firewall. AFAIK it hasn't been much used because it opens up a considerable DoS vulnerability. If I know what rules shut down connections, I can craft packets that shut down valid connections.

If installed correctly, an IDS is a network/host recording device that is very resistant to evidence manipulation. More so at least than an IPS that must be installed inline. Firewalls and IPSes have the same characteristics in that if either one stops working, traffic goes down as well. So by installing an IPS you have two devices that can stop your connection. By using an IDS you only have one device (the firewall) that can shut down your network.

> This is like saying, "by buying a car, you open
> yourself up to an auto accident." Well, sure. There is risk in
> everything. It's absurd to think that just because something has risk, it's
> useless.

I would rather buy a cheap car that I can steer myself than trusting an expensive car running on autopilot :)