Re: Re: [Snort-devel] IDS vs IPS

[Mark Teicher <mht3 () earthlink net>]

Jeff, and others.

I would someone on this list to actually define Intrusion Prevention System (IPS).  I have observed several companies 
over the last two years claim they are an IPS product but in essence are not.  I have also observed companies 
advertising they are a personal desktop or desktop IDS and recently changed their marketing announcing they are now an 
IPS product.  

I have yet to see a product to live up to the hype of IPS..
or am I missing something..

/thx

/mark
-------Original Message-------
From: Jeff Nathan <jeff () snort org>
Sent: 08/20/03 04:33 PM
To: Vkmobile () aol com
Subject: [Snort-users] Re: [Snort-devel] IDS vs IPS

> -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

*Before you flame me for my answer, spend a few minutes thinking about 

the formulaic logic I've used to author this response.



IPS is a "made up term" invented by people who work in marketing 

organizations.  Before they got their grubby little hands on IDS, this 

concept was called "gateway IDS" or "inline IDS".



Traditionally, Snort is a NIDS.  Snort can be used an an inline IDS (or 

Gateway IDS, or if you're really in love with the term even an "IPS") 

by using the snort-inline patches.[1]



- -Jeff



[1] http://sourceforge.net/projects/snort-inline/



On Wednesday, August 20, 2003, at 09:10 AM, Vkmobile () aol com wrote:



> So is Snort an IDS or an IPS (Intrusion Prevention)��or both?

> ��

> Also, how can an IDS be converted to an IPS? Can someone point me in 

> the right direction such as an FAQ or some website where i can read 

> and learn?

> ��

> Thank you.

>



- --

Top security experts.  Cutting edge tools, techniques and information.

Tokyo, Japan   November, 2003   http://www.pacsec.jp

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.2 (Darwin)

iD8DBQE/Q/cpEqr8+Gkj0/0RAgRFAJ9oZPC8c3eY7jNAO3cx4kh7uDoh+gCeM1N1
MKBMdLUi/WrPQFqIhruNGEI=
=fSJZ
-----END PGP SIGNATURE-----



-------------------------------------------------------
This SF.net email is sponsored by Dice.com.
Did you know that Dice has over 25,000 tech jobs available today? From
careers in IT to Engineering to Tech Sales, Dice has tech jobs from the
best hiring companies. http://www.dice.com/index.epl?rel_code4
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
>


-------------------------------------------------------
This SF.net email is sponsored by: VM Ware
With VMware you can run multiple operating systems on a single machine.
WITHOUT REBOOTING! Mix Linux / Windows / Novell virtual machines
at the same time. Free trial click here:http://www.vmware.com/wl/offer/358/0
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users