Snort mailing list archives
Re: Re: [Snort-devel] IDS vs IPS
From: Jeff <jcoppock1 () comcast net>
Date: Wed, 27 Aug 2003 22:44:56 -0700
Frank Knobbe, 2003-Aug-28 03:47 +0000:
> On Thu, 2003-08-28 at 03:16, Jason wrote:
>> Thanks, I think the matrix shows fairly well that the _new IPS_ is a natural evolution of the existing firewall.
>
> Right. It is the merger of firewall and IDS. It has as much IDS as firewall in it. But I wouldn't say that it is closer to either one. It appears to have evolved into a category of its own.

Agreed. IDS is evolving...or rather its functionality is spawning new uses. The "IPS" function, that of providing an action such as "Deny" based on a signature match, has a nice fit as a DoS prevention system for Firewall systems/appliances. It adds to the overall security of the device itself, as well as the network(s) it is protecting. This IPS capability is based on known attacks and signatures can easily be updated, modified and added.

>> You can also have confidence in your firewall because your IDS verifies what you told the firewall to do and covers your arse when you let something by because of business requirements or a human error.
>
> Exactly. This is precisely the point that Gartner missed. IDS are far from obsolete. You always need to have an IDS inside to verify the function (and detect failure) of the firewall or IPS. I probably made this prediction before, but here is a good place to do it again. Mark my words :) "We will see a new breed of software become popular soon which is a merger of IDS and forensics software".

I'm with you on that prediction. IDS has a strong place in Auditing already and is branching out into other aspects of security to help complete the security solution.

jc
--
Jeff Coppock
Systems Engineer
Diggin' Debian Admin and User