Re: Hi, I want to study IPS

From: Ali Rajput (arajput_at_hdaar.com)
Date: 05/25/04

    To: focus-ids@securityfocus.com
    Date: Wed, 26 May 2004 05:09:48 +1400
    
    

    Hi,
    My name is Muhammad Ali Rajput.
    It's good to hear that you want to study IPS. One thing you can do is visit
    www.sans.org; here you can find information to get started.
    IPS is quite a new concept but nothing is impossible, maybe your 20 minute idea
    can work.
    Presently I am working on a host-based IDS (for Windows 2000 Pro) to submit as
    a degree project.
    You can mail me back if you need any information regarding this.

    On Tuesday 25 May 2004 07:29, Runion Mark A FGA DOIM WEBMASTER(ctr) wrote:
    > Vaporwar-ish, or vapor-ware-ish?
    >
    > IPS is a wonderful concept. The few working incidents I've worked with are
    > much larger scale, and use a more structured network. The concept
    > discussed here as "IPS" is terribly limited if only implemented as a
    > standalone piece of a network security wall.
    >
    > Consider using IDS on LAN segments comprising pieces of the inbound and
    > outbound traffic lanes in a network. These systems push gathered data to a
    > control center (distributed if you can afford it). The control center
    > monitors and tracks applicant data across the entire network (imagine a
    > telco that might own the entire US data backbone). The control center
    > might have various means of monitoring, tracking, and escalation for
    > various in-process attacks. The notion that a distributed Denial of
    > Service cannot be stopped is a bit out of date. Many are, but it is always
    > a credible legal issue.
    >
    > Imagine Johnny the Scumbag, sitting in his apartment on 46th street. Starts
    > his attack using <insert pathetic script here>, and sits back to see the
    > results. 10 seconds later his cable modem stops transmitting. 20 minutes
    > later, there is a knock on the front door; the Police would like to chat.
    > Okay, so the police actually getting there in 20 minutes is voyeuristic,
    > but it could happen, maybe...
    >
    > -
    > Mark Runion
    >
    > "Vapor trails are what novices try to follow, though never noticed by those
    > who do it."
    >
    >
    > -----Original Message-----
    > From: Raistlin [mailto:raistlin@gioco.net]
    > Sent: Saturday, May 22, 2004 1:49 PM
    > To: Greg Martin; focus-ids@securityfocus.com
    > Subject: Re: Hi, I want to study IPS
    >
    > Greg Martin wrote:
    > > Some vendors use a baseline of the network and take
    > > action if the baseline changes drastically.
    >
    > Examples ?
    >
    > > Some use a 'negative
    > > space' technique which allows only valid traffic and considers all
    > > other traffic as a dos and drops it completely.
    >
    > Again, examples ?
    >
    > IMHO IPS are nothing more than an integration of a firewall and an IDS
    > concept. As such, they are rather fuzzy and vaporwar-ish enough to be
    > very marketable.
