Re: Hi, I want to study IPS

From: Ali Rajput (arajput_at_hdaar.com)
Date: 05/25/04

    To: focus-ids@securityfocus.com
    Date: Wed, 26 May 2004 05:09:48 +1400
    
    

    Hi,
    My name is Muhammad Ali Rajput.
    It's good to hear that you want to study IPS. One thing you can do is visit
    www.sans.org; here you can find information to get started.
    IPS is quite a new concept but nothing is impossible, maybe your 20 minute idea
    can work.
    Presently I am working on a host-based IDS (for Windows 2000 pro) to submit as
    a degree project.
    You can mail me back if you need any information regarding this.

    On Tuesday 25 May 2004 07:29, Runion Mark A FGA DOIM WEBMASTER(ctr) wrote:
    > Vaporwar-ish, or vapor-ware-ish?
    >
    > IPS is a wonderful concept. The few working incidents I've worked with are
    > much larger scale, and use a more structured network. The concept
    > discussed here as "IPS" is terribly limited if only implemented as a
    > standalone piece of a network security wall.
    >
    > Consider using IDS on lan segments comprising pieces of the inbound and
    > outbound traffic lanes in a network. These systems push gathered data to a
    > control center (distributed if you can afford it). The control center
    > monitors and tracks applicant data across the entire network (imagine a
    > telco that might own the entire US data backbone). The control center
    > might have various means of monitoring, tracking, and escalation for
    > various in-process attacks. The notion that a distributed Denial of
    > Service cannot be stopped is a bit out of date. Many are, but it is always
    > a credible legal issue.
    >
    > Imagine Johnny the Scumbag, sitting in his apartment on 46th street. Starts
    > his attack using <insert pathetic script here>, and sits back to see the
    > results. 10 seconds later his cable modem stops transmitting. 20 minutes
    > later, there is a knock on the front door; the Police would like to chat.
    > Okay, so the police actually getting there in 20 minutes is voyeuristic,
    > but it could happen, maybe...
    >
    > -
    > Mark Runion
    >
    > "Vapor trails are what novices try to follow, though never noticed by those
    > who do it."
    >
    >
    > -----Original Message-----
    > From: Raistlin [mailto:raistlin@gioco.net]
    > Sent: Saturday, May 22, 2004 1:49 PM
    > To: Greg Martin; focus-ids@securityfocus.com
    > Subject: Re: Hi, I want to study IPS
    >
    > Greg Martin wrote:
    > > Some vendors use a baseline of the network and take
    > > action if the baseline changes drastically.
    >
    > Examples ?
    >
    > > Some use a 'negative
    > > space' technique which allows only valid traffic and considers all
    > > other traffic as a dos and drops it completely.
    >
    > Again, examples ?
    >
    > IMHO IPS are nothing more than an integration of a firewall and an IDS
    > concept. As such, they are rather fuzzy and vaporwar-ish enough to be
    > very marketable.
