Snort mailing list archives
Re: [Snort-devel] IDS vs IPS
From: pieter claassen <pieter () countersnipe com>
Date: 21 Aug 2003 11:28:49 +0100
I agree with Jed in that IPS has been developed to classify a "new" science of automated response to suspected intrusions. However, I do believe this terminology is important to get right and clear because:

1. There are lots of different ways that you can automate response to an intrusion, ranging from dropping a susp packet silently on the floor to refusing to do any business with the offending user (Firewall reconfigure), and these things are very different.
2. So many people are running around in the market claiming to be selling IPS, and all their products do very different things, so how do you compare them?
3. All these products that do different things have profoundly different impacts on the implementor's organisation. They not only change the way companies handle IR but, because they are so different, they all change it uniquely. You should really do a custom analysis of the potential benefit/impact of each product to be able to compare them.

There is currently too much FUD around IPS, and I have started drafting an IPS best practice guide with some input from vendors and consultants to try and get a clearer understanding around the issues that will impact IPS. I believe that will clear the terminology issues up by itself.

You can get this guide at http://snortinline.org (note this site is only temporary until the snil community decides if they want to adopt it).

IPS should rather be called IDP (Intrusion Detection and Prevention), and Netscreen will love that!

Shouldn't this discussion move to the snort-inline mailing list?

Pieter

On Wed, 2003-08-20 at 23:33, Jeff Nathan wrote:
> *Before you flame me for my answer, spend a few minutes thinking about the formulaic logic I've used to author this response.
>
> IPS is a "made up term" invented by people who work in marketing organizations. Before they got their grubby little hands on IDS, this concept was called "gateway IDS" or "inline IDS".
>
> Traditionally, Snort is a NIDS. Snort can be used as an inline IDS (or Gateway IDS, or if you're really in love with the term even an "IPS") by using the snort-inline patches.[1]
>
> -Jeff
>
> [1] http://sourceforge.net/projects/snort-inline/
>
> On Wednesday, August 20, 2003, at 09:10 AM, Vkmobile () aol com wrote:
> > So is Snort an IDS or an IPS (Intrusion Prevention) or both? Also, how can an IDS be converted to an IPS? Can someone point me in the right direction such as an FAQ or some website where I can read and learn? Thank you.
>
> --
> Top security experts. Cutting edge tools, techniques and information.
> Tokyo, Japan November, 2003
> http://www.pacsec.jp
--
Pieter Claassen
CounterSnipe Technologies
www.countersnipe.com
Highview House
Charles Square
Bracknell
Berkshire RG12 1DF
United Kingdom
Tel: +44(0) 1344 390 530
Fax: +44(0) 1344 390 700
Mobile: +44 (0) 776 6656 924
email: pieter () countersnipe com