RE: Top IPS vendors - please read for invitation to Network World review.

From: Rob Shein (shoten_at_starpower.net)
Date: 09/01/03

  • Next message: Scott Wimer: "Re: Top IPS vendors - please read for invitation to Network World review." 
    To: <wbradd@comcast.net>, <focus-ids@securityfocus.com>
Date: Mon, 1 Sep 2003 12:22:14 -0400

    If you fixate too heavily on "prevention" as the key word, then you could
    refer to Nessus, or even simple policy documents, as IPS for their role in
    assessing security to forestall potential intrusions. The point here is
    that unlike a firewall, an IPS is an active device. For example, hogwash as
    used in a later-generation honeynet alters packets of certain types that
    pass through it. If it sees shellcode that references "/bin/sh" it changes
    one byte and the end result is a reference to "/ben/sh," which of course
    does not exist. In this way, it takes the technology of an IDS (attack
    detection) and goes one very significant step further to actually foil the
    attack. While I feel that the technology is not quite ready for prime-time
    just yet, it is far from just being a marketing term, and certainly does
    something that has not previously been done.

    > -----Original Message-----
    > From: William Bradd [mailto:wbradd@comcast.net]
    > Sent: Thursday, August 28, 2003 7:58 PM
    > To: focus-ids@securityfocus.com
    > Subject: RE: Top IPS vendors - please read for invitation to
    > Network World review.
    >
    >
    > Isn't that what a firewall does?
    >
    > Switch in terms is more a switch in marketing as an attempt
    > to differentiate products.
    >
    > There is more to a product then a name or buzz word.
    >
    > -----Original Message-----
    > From: Zach Forsyth [mailto:Zach.Forsyth@kiandra.com]
    > Sent: Thursday, August 28, 2003 12:36 AM
    > To: Mark Teicher; Paul Schmehl; focus-ids@securityfocus.com;
    > seth.knox@sygate.com
    > Subject: RE: Top IPS vendors - please read for invitation to
    > Network World review.
    >
    >
    > >-----Original Message-----
    > >From: Mark Teicher [mailto:mht3@earthlink.net]
    > >Sent: Wednesday, 27 August 2003 22:30 PM
    > >To: Paul Schmehl; focus-ids@securityfocus.com; seth.knox@sygate.com
    > >Subject: Re: Top IPS vendors - please read for invitation to Network
    > World review.
    > >
    > >
    > >The real question I have is what defines an IPS product
    > versus an IDS..
    > IDS
    > >is obvious, but IPS, it is a very tough definition
    >
    > Intrusion DETECTION system
    >
    > Intrusion PREVENTION system
    >
    > Seems fairly fundamental to me...I think I know what you are
    > trying to say though, keep referring back to the word prevention :)
    >
    >
    >
    > --------------------------------------------------------------
    > -------------
    > Attend Black Hat Briefings & Training Federal, September
    > 29-30 (Training), October 1-2 (Briefings) in Tysons Corner,
    > VA; the worldBs premier technical IT security event.
    > Modeled after the famous Black Hat event in Las Vegas! 6
    > tracks, 12 training sessions, top speakers and sponsors.
    > Symanetc is the Diamond sponsor. Early-bird registration
    > ends September 6
    > Visit: www.blackhat.com
    > --------------------------------------------------------------
    > -------------
    >
    >
    >
    >
    > --------------------------------------------------------------
    > -------------
    > Attend Black Hat Briefings & Training Federal, September
    > 29-30 (Training), October 1-2 (Briefings) in Tysons Corner,
    > VA; the world’s premier
    > technical IT security event. Modeled after the famous Black
    > Hat event in
    > Las Vegas! 6 tracks, 12 training sessions, top speakers and
    > sponsors.
    > Symanetc is the Diamond sponsor. Early-bird registration
    > ends September 6 Visit: www.blackhat.com
    > --------------------------------------------------------------
    > -------------
    >

    ---------------------------------------------------------------------------
    Attend Black Hat Briefings & Training Federal, September 29-30 (Training), October 1-2 (Briefings) in Tysons Corner, VA; the world’s premier
    technical IT security event. Modeled after the famous Black Hat event in
    Las Vegas! 6 tracks, 12 training sessions, top speakers and sponsors.
    Symanetc is the Diamond sponsor. Early-bird registration ends September 6 Visit: www.blackhat.com
    ---------------------------------------------------------------------------

  • Next message: Scott Wimer: "Re: Top IPS vendors - please read for invitation to Network World review."

    Relevant Pages

    • RE: Physical Computer Location
      ... > Maybe the doctor needs a new machine more than the secretary. ... > technical IT security event. ... > Symantec is the Diamond sponsor. ... Attend Black Hat Briefings & Training Federal, ...
      (Security-Basics)
    • RE: Freeware Antivirus
      ... |technical IT security event. ... Attend Black Hat Briefings & Training Federal, September 29-30, ... Symantec is the Diamond sponsor. ...
      (Security-Basics)
    • RE: Hunting for Mr Badmouth
      ... The court order to Yahoo. ... > technical IT security event. ... > Symantec is the Diamond sponsor. ... Attend Black Hat Briefings & Training Federal, September 29-30, ...
      (Security-Basics)
    • RE: Sobig.F style email with no attachments
      ... > technical IT security event. ... > Symantec is the Diamond sponsor. ... Attend Black Hat Briefings & Training Federal, September 29-30, ...
      (Incidents)
    • RE: DMZ design
      ... > had bout DMZ ... > technical IT security event. ... > Symantec is the Diamond sponsor. ... Attend Black Hat Briefings & Training Federal, September 29-30, ...
      (Security-Basics)