RE: Hi, I want to study IPS
From: Shafi, Shahid (sshafi_at_qualcomm.com)
Date: 05/25/04
- Previous message: Thomas: "Usefulness of Network Intrusion Detection Systems"
- Maybe in reply to: cto: "Hi, I want to study IPS"
- Next in thread: Andy Cuff: "Re: amount of alarms generated by IDS"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Tue, 25 May 2004 12:52:00 -0700
To: "Greg Martin" <greg@ddos.com>, "Raistlin" <raistlin@gioco.net>
Anybody dealing with Mazu Networks Profiler? It's not in IPS category yet,
only NIDS, but they are planning to explore that area soon?
Thanks,
Shahid
-----Original Message-----
From: Greg Martin [mailto:greg@ddos.com]
Sent: Sunday, May 23, 2004 11:33 AM
To: Raistlin
Cc: focus-ids@securityfocus.com
Subject: Re: Hi, I want to study IPS
Stefano "Raistlin" Zanero,
>> Some vendors use a baseline of the network and take
>> action if the baseline changes drastically.
>
> Examples ?
Arbor, Riverhead, Netzentry
>
>> Some use a 'negative
>> space' technique which allows only valid traffic and considers all
>> other traffic as a dos and drops it completely.
>
> Again, examples ?
Melior iSecure, Toplayer Attack Mitigator
And here is a real-world example of how an IPS is working to protect
Spamhaus, the biggest spammer blacklist.
http://www.spamhaus.org/cyberattacks/index.html
> IMHO IPS are nothing more than an integration of a firewall and an IDS
> concept. As such, they are rather fuzzy and vaporwar-ish enough to be
> very marketable.
Everyone is entitled to their opinion... I think the confusion everyone is
having stems from marketing people pushing IPS hard at its baby stages
when the technology WAS more or less 'advanced firewall' features or
firewalls with integrated IDS. Several years have passed since
whitepapers were published denying the value of IPS products and if you
look at what is currently on the market you can clearly tell there is a
big difference in performance and functionality.
Also firewall vendors attempt to code to add IPS features to their
current product with varying success, i.e. Cisco PIX syn intercept and
Checkpoint's syn defender. Both will keel over after a moderate stream of
random spoofed packets fills up its state tables.
Ask any large company that constantly gets hit by DDoS attacks, IPS has
arrived and it has value.
regards,
Greg
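
The "baseline of the network" approach quoted in the thread, sketched as an added example that is not part of either message and not any named vendor's method. The function name, the median/MAD statistic, the window and threshold values, and the sample counts are all assumptions chosen for illustration.

```python
from statistics import median

def detect_baseline_shift(counts, window=6, threshold=5.0):
    """Return indices of intervals whose count departs drastically from a
    rolling baseline, measured in median absolute deviations (MAD)."""
    baseline = []   # most recent intervals judged normal
    alerts = []
    for i, count in enumerate(counts):
        if len(baseline) < window:
            baseline.append(count)      # learning phase: no verdicts yet
            continue
        med = median(baseline)
        # MAD is robust to a single odd interval; fall back to 1.0 so a
        # perfectly flat baseline does not cause a division by zero.
        mad = median(abs(x - med) for x in baseline) or 1.0
        if abs(count - med) / mad > threshold:
            # Anomalous interval: flag it and keep it out of the baseline,
            # so a sustained flood cannot teach the detector it is normal.
            alerts.append(i)
        else:
            baseline.append(count)
            baseline.pop(0)
    return alerts

# Constructed sample: inbound SYN packets per 10-second interval.
SAMPLE = [120, 131, 118, 125, 140, 122, 129, 135, 2400, 2650, 2580, 133, 127]

if __name__ == "__main__":
    for idx in detect_baseline_shift(SAMPLE):
        print(f"interval {idx}: {SAMPLE[idx]} packets, baseline shift")
```

Unlike a per-connection state table, this detector keeps only a fixed number of counters, so its memory use does not grow with the volume of spoofed traffic.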