RE: Hi, I want to study IPS

From: Shafi, Shahid (sshafi_at_qualcomm.com)
Date: 05/25/04

    Date: Tue, 25 May 2004 12:52:00 -0700
    To: "Greg Martin" <greg@ddos.com>, "Raistlin" <raistlin@gioco.net>
    
    

    Anybody dealing with Mazu Networks Profiler? It's not in IPS category yet
    only NIDS, but they are planning to explore that area soon?

    Thanks,
    Shahid

    -----Original Message-----
    From: Greg Martin [mailto:greg@ddos.com]
    Sent: Sunday, May 23, 2004 11:33 AM
    To: Raistlin
    Cc: focus-ids@securityfocus.com
    Subject: Re: Hi, I want to study IPS

    Stefano "Raistlin" Zanero,

    >> Some vendors use a baseline of the network and take
    >> action if the baseline changes drastically.
    >
    > Examples ?

    Arbor, Riverhead, Netzentry

    >
    >> Some use a 'negative
    >> space' technique which allows only valid traffic and considers all
    >> other traffic as a dos and drops it completely.
    >
    > Again, examples ?

    Melior iSecure, Toplayer Attack Mitigator

    And here is a real-world example of how an IPS is working to protect
    Spamhaus, the biggest spammer blacklist.

    http://www.spamhaus.org/cyberattacks/index.html

    > IMHO IPS are nothing more than an integration of a firewall and an IDS
    > concept. As such, they are rather fuzzy and vaporware-ish enough to be
    > very marketable.

    Everyone is entitled to their opinion... I think the confusion everyone is
    having stems from marketing people pushing IPS hard at its baby stages
    when the technology WAS more or less 'advanced firewall' features or
    firewalls with integrated IDS. Several years have passed since
    whitepapers were published denying the value of IPS products, and if you
    look at what is currently on the market you can clearly tell there is a
    big difference in performance and functionality.

    Also, firewall vendors attempt to code to add IPS features to their
    current product with varying success, i.e. Cisco PIX syn intercept and
    Checkpoint's syn defender. Both will keel over after a moderate stream of
    random spoofed packets fills up their state tables.

    Ask any large company that constantly gets hit by DDoS attacks: IPS has
    arrived and it has value.

    regards,
    Greg
