Re: [fw-wiz] GIDS, Intrusion Prevention: A Firewall by Any Other Name

From: Paul D. Robertson (
Date: 08/12/02

From: "Paul D. Robertson" <>
To: Crispin Cowan <>
Date: Mon Aug 12 18:47:01 2002

On Mon, 12 Aug 2002, Crispin Cowan wrote:

> Is anyone besides me sick to death of hearing about "intrusion
> prevention" and "gateway intrusion detection" technologies? These are

Buzzword of the week stuff always frustrates me.

> devices that sit in-line between the Internet and your LAN, apply
> intrusion detection pattern matching rules to the content they see
> streaming in to your site, and block the stuff they deem to be "bad."
> The canonical example being the Inline SNORT (nee Hogwash) open source
> project.
> To me, this is a firewall. It is sitting in exactly the same place in
> the network topology, performing the same function. It is using new
> kinds of rules to distinguish "good" traffic from "bad", but it is
> none-the-less a firewall.

I look at it as a signature-based firewall rather than a policy-based

> "Signature Firewall" or something. But lets dispose of "intrusion
> prevention" in the tired hype bit bucket.

It's all that product differentiation stuff- how the heck are you gonna
get capital as a firewall vendor since the space is so well-carved out?

Paul D. Robertson
"My statements in this message are personal opinions which may have no basis whatsoever in fact."
Director of Risk Assessment
TruSecure Corporation