RE: Hi, I want to study IPS

From: infor) urko zurutuza (uzurutuza_at_eps.mondragon.edu)
Date: 05/13/04

  • Next message: Shawn: "RE: Hi, I want to study IPS"
    Date: Thu, 13 May 2004 08:27:34 +0200
    To: "Arun Vishwanathan" <arun.vishwanathan@nevisnetworks.com>, "Josh Mills" <JMills@cnbwaco.com>, "cto" <cto@kdds.co.kr>, <focus-ids@securityfocus.com>
    
    

    Well, I think the better way of starting with IPS, is to play first with an IDS as Snort, and after that you should fulfill the pig with some plugins, for example:

    -SnortSam (integration of Snort with Checkpoint Firewall-1)
    -snort-inline (integrates Snort into a IPTables type kernel firewall), or
    -flex-resp (resets connections)

    This way, I could say that they turn Snort IDS in a IPS.

    Urko

    > -----Mensaje original-----
    > De: Arun Vishwanathan [mailto:arun.vishwanathan@nevisnetworks.com]
    > Enviado el: miércoles, 12 de mayo de 2004 15:27
    > Para: Josh Mills; cto; focus-ids@securityfocus.com
    > Asunto: RE: Hi, I want to study IPS
    >
    > I know of this tool called "Hogwash".
    > http://sourceforge.net/projects/hogwash/
    >
    > I am not qualified to comment on whether it is good or bad. :-)
    >
    > HTH.
    >
    > -----Original Message-----
    > From: Josh Mills [mailto:JMills@cnbwaco.com]
    > Sent: Wednesday, May 12, 2004 6:51 PM
    > To: Arun Vishwanathan; cto; focus-ids@securityfocus.com
    > Subject: RE: Hi, I want to study IPS
    >
    > Are there any good open source NIPS products out there?
    >
    > -----Original Message-----
    > From: Arun Vishwanathan [mailto:arun.vishwanathan@nevisnetworks.com]
    > Sent: Wednesday, May 12, 2004 1:42 AM
    > To: cto; focus-ids@securityfocus.com
    > Subject: RE: Hi, I want to study IPS
    >
    >
    > Hi Kyle,
    >
    > In short, NIPS is a combination of a firewall and IDS.
    > An IDS will only detect intrusions whereas the NIPS will also take
    > actions on the intrusions detected based on policies.
    >
    > Read this goop article for an intro to NIPS
    > http://www.securityfocus.com/infocus/1670
    >
    > HTH.
    > Arun
    > -----Original Message-----
    > From: cto [mailto:cto@kdds.co.kr]
    > Sent: Wednesday, May 12, 2004 6:40 AM
    > To: focus-ids@securityfocus.com
    > Subject: Hi, I want to study IPS
    >
    > Hi,
    > My name is Kyle and developer.
    >
    > I'm developing a NIPS(Network Intrusion Prevention System).
    > I wonder what is different between NIDS and NIPS.
    > Where can I acquire documents or anything that explain NIPS.
    > Please let me know that.
    >
    > Have a nice day!!!
    >
    > PS: I'm sorry for poor English.
    >
    >
    > ------------------------------------------------------------------------
    > ---
    >
    > ------------------------------------------------------------------------
    > ---
    >
    >
    > ------------------------------------------------------------------------
    > ---
    >
    > ------------------------------------------------------------------------
    > ---
    >
    >
    > --------------------------------------------------------------------------
    > -
    >
    > --------------------------------------------------------------------------
    > -

    ---------------------------------------------------------------------------

    ---------------------------------------------------------------------------


  • Next message: Shawn: "RE: Hi, I want to study IPS"

    Relevant Pages

    • Re: Changes in IDS Companies?
      ... Well...Netscreen didn't *build* a NIPS, ... while everyone gets all excited about the possibility of inline IDS, ... IPS is not a performance bottleneck. ... Firewall & IDS vendors ally/acquire partners on the other side, ...
      (Focus-IDS)
    • RE: Hi, I want to study IPS
      ... IDS and IPS are using the same tools and same abilities. ... My name is Kyle and developer. ... Where can I acquire documents or anything that explain NIPS. ...
      (Focus-IDS)
    • RE: Hi, I want to study IPS
      ... Back when I recently was exposed to IPS term, ... ISS RealSecure can be defined as just an IPS or an IDS even if it has ... Where can I acquire documents or anything that explain NIPS. ...
      (Focus-IDS)
    • FW: Hi, I want to study IPS
      ... The main difference between IDS and IPS is that IDS only monitors the ... Will you write your all signatures if any, ... Where can I acquire documents or anything that explain NIPS. ...
      (Focus-IDS)
    • Re: Re: IDS-IPS Recommendations
      ... Dave, I've know you can use Snort as an IDS, how do you use it as an IPS? ...
      (Security-Basics)