FW: Hi, I want to study IPS

From: Tarek Amr Abdullah (tabdullah_at_salec.com.eg)
Date: 05/12/04

  • Next message: Arun Vishwanathan: "RE: Hi, I want to study IPS"
    To: <focus-ids@securityfocus.com>
    Date: Wed, 12 May 2004 10:26:20 +0200
    
    

     
     
    Hi Kyle Minogue,
     
    The main difference between IDS and IPS is that IDS only monitors the
    network firing alarms whenever there is an attack, while IPS takes an
    action in real time by blocking or allowing traffic.
    IDS works as a sniffer, while IPS works inline just like a firewall for
    example.
    Snort <http://www.snort.org> is an example of NIDS, while NetScreen's
    IDP <http://www.juniper.net> and ISS Proventia <http://www.iss.net> are
    examples of IPS.
     
    WRT the development, I think you have to decide first one of the
    following:
    • Will it be an IDS or an IPS?
    • Will it be Signature Based, Statistical Based, Protocol Anomaly, or
    any combination of them?
    • Will you write all your signatures, if any, or use open signatures?
    • Will it be a multi-tier architecture, i.e. some sensors with a
    centralized management to collect the events from them, or a single-tier
    architecture?
     
     
    Best Regards,
    Tarek Amr Abdallah
     
    -----Original Message-----
    From: cto [mailto:cto@kdds.co.kr]
    Sent: Wednesday, May 12, 2004 3:10 AM
    To: focus-ids@securityfocus.com
    Subject: Hi, I want to study IPS
     
    Hi,
    My name is Kyle and I am a developer.
     
    I'm developing a NIPS (Network Intrusion Prevention System).
    I wonder what the difference is between NIDS and NIPS.
    Where can I acquire documents or anything that explains NIPS?
    Please let me know.
     
    Have a nice day!!!
     
    PS: I'm sorry for poor English.
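
The IDS/IPS distinction and two of the detection styles listed in the reply above, as an added example that is not part of the original messages: one detection stage (signatures plus a protocol-anomaly check) is run once passively and once inline. All names, the signature set, the URI length threshold and the sample requests are constructed for illustration.

```python
from dataclasses import dataclass

# Constructed signature set (assumption): name -> byte pattern searched in the payload.
SIGNATURES = {
    "dir-traversal": b"../..",
    "etc-passwd": b"/etc/passwd",
}
MAX_URI_LEN = 256  # constructed protocol-anomaly threshold for an HTTP request line


@dataclass
class Verdict:
    forwarded: bool  # did the traffic reach the protected host?
    alerts: list     # what the sensor reported


def detect(payload: bytes) -> list:
    """Detection stage shared by both modes: signature matches plus one protocol-anomaly check."""
    alerts = [f"sig:{name}" for name, pat in SIGNATURES.items() if pat in payload]
    parts = payload.split(b"\r\n", 1)[0].split(b" ")
    if len(parts) != 3 or not parts[2].startswith(b"HTTP/"):
        alerts.append("anomaly:malformed-request-line")
    elif len(parts[1]) > MAX_URI_LEN:
        alerts.append("anomaly:oversized-uri")
    return alerts


def process(payload: bytes, inline: bool) -> Verdict:
    """inline=False models an IDS on a tap: it alerts, but the traffic is delivered anyway.
    inline=True models an IPS: the traffic is forwarded only if detection raised nothing."""
    alerts = detect(payload)
    return Verdict(forwarded=not (inline and alerts), alerts=alerts)


# Constructed sample requests: benign, signature hit, anomaly hit.
SAMPLES = [
    b"GET /index.html HTTP/1.0\r\nHost: example.test\r\n\r\n",
    b"GET /a/../../etc/passwd HTTP/1.0\r\n\r\n",
    b"GET /" + b"A" * 300 + b" HTTP/1.0\r\n\r\n",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        for inline in (False, True):
            v = process(sample, inline)
            print("IPS" if inline else "IDS", "forward" if v.forwarded else "DROP", v.alerts)
```

The same alert list comes out in both modes; only the forwarding decision differs, which is also why a false positive costs an alert on an IDS but dropped legitimate traffic on an IPS.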
     
     