Re: Hi, I want to study IPS
From: Ali Rajput (arajput_at_hdaar.com)
Date: 05/25/04
To: focus-ids@securityfocus.com
Date: Wed, 26 May 2004 05:09:48 +1400
Hi,
My name is Muhammad Ali Rajput,
It's good to hear that you want to study IPS. One thing you can do is visit
www.sans.org; here you can find information to get started.
IPS is quite a new concept but nothing is impossible, maybe your 20 minute idea
can work.
Presently I am working on a host-based IDS (for Windows 2000 Pro) to submit as
a degree project.
You can mail me back if you need any information regarding this.
On Tuesday 25 May 2004 07:29, Runion Mark A FGA DOIM WEBMASTER(ctr) wrote:
> Vaporwar-ish, or vapor-ware-ish?
>
> IPS is a wonderful concept. The few working incidents I've worked with are
> much larger scale, and use a more structured network. The concept
> discussed here as "IPS" is terribly limited if only implemented as a
> standalone piece of a network security wall.
>
> Consider using IDS on LAN segments comprising pieces of the inbound and
> outbound traffic lanes in a network. These systems push gathered data to a
> control center (distributed if you can afford it). The control center
> monitors and tracks applicant data across the entire network (imagine a
> telco that might own the entire US data backbone). The control center
> might have various means of monitoring, tracking, and escalation for
> various in process attacks. The notion that a distributed Denial of
> Service cannot be stopped is a bit out of date. Many are, but it is always
> a credible legal issue.
>
> Imagine Johnny the Scumbag, sitting in his apartment on 46th street. Starts
> his attack using <insert pathetic script here>, and sits back to see the
> results. 10 seconds later his cable modem stops transmitting. 20 minutes
> later, there is a knock on the front door; the Police would like to chat.
> Okay, so the police actually getting there in 20 minutes is voyeuristic,
> but it could happen, maybe...
>
> -
> Mark Runion
>
> "Vapor trails are what novices try to follow, though never noticed by those
> who do it."
>
>
> -----Original Message-----
> From: Raistlin [mailto:raistlin@gioco.net]
> Sent: Saturday, May 22, 2004 1:49 PM
> To: Greg Martin; focus-ids@securityfocus.com
> Subject: Re: Hi, I want to study IPS
>
> Greg Martin wrote:
> > Some vendors use a baseline of the network and take
> > action if the baseline changes drastically.
>
> Examples ?
>
> > Some use a 'negative
> > space' technique which allows only valid traffic and considers all
> > other traffic as a dos and drops it completely.
>
> Again, examples ?
>
> IMHO IPS are nothing more than an integration of a firewall and an IDS
> concept. As such, they are rather fuzzy and vaporwar-ish enough to be
> very marketable.