RE: IDS VS. IPS: Which is Better???

From: Ferino Mardo (RMardo_at_ALJOMAIHBEV.com)
Date: 07/05/04

  • Next message: atarata_at_internode.on.net: "Re: IDS VS. IPS: Which is Better???" 
    Date: Mon, 5 Jul 2004 16:11:15 +0300
To: "Ida Systems" <focus-ids@securityfocus.com>

    check www.iss.net and click on their support/bookstore menu. there are
    plenty of good books there.

    as for the difference between IDS and IPS the idea is IDS
    implementations just detect intrusions after it has done its damaged
    while IPS detects AND prevents such intrusions from doing their thing.

    my 2cents.

    > -----Original Message-----
    > From: NAVTEJ KOHLI [mailto:tonavtejkohli@hotmail.com]
    > Sent: Friday, July 02, 2004 4:41 AM
    > To: focus-ids@securityfocus.com
    > Subject: IDS VS. IPS: Which is Better???
    >
    >
    >
    > Hi , I'm new in this group. I got one project to implement
    > IDS on big
    > originations. Now I have to gives one presentation on IDS Vs
    > IPS. I don't
    > know what is the exactly difference between IDS and IPS. How
    > IPS is good
    > then IDS.
    >
    >
    > It would be very nice of you if anyone can give me some
    > technical hints
    > like
    > * How to start with the preparation?
    > * Which Books/Question Banks/Related Documents to refer?
    > * Any web sites/hyper links which could be helpful?
    >
    >
    > I would be really thankful if you can take some precious time
    > from your busy
    > schedule and help me out as I need it very badly. Hoping for
    > a reply soon
    > from your side.
    >
    >
    > Regards,
    >
    > NAVTEJ KOHLI
    >
    > _________________________________________________________________
    > Protect your PC - get McAfee.com VirusScan Online
    > http://clinic.mcafee.com/clinic/ibuy/campaign.asp?cid=3963
    >
    >
    > --------------------------------------------------------------
    > -------------
    >
    > --------------------------------------------------------------
    > -------------
    >
    >

    ---------------------------------------------------------------------------

    ---------------------------------------------------------------------------

  • Next message: atarata_at_internode.on.net: "Re: IDS VS. IPS: Which is Better???"

    Relevant Pages

    • RE: Recent Gartner IDS/IPS report
      ... > resources to properly analyze security reports, ... > replace the IDS products. ... since these same vendors compete with your ... Basing IPS entirely on IDS and making the offspring a single product is ...
      (Focus-IDS)
    • RE: IDS alerts / second - Correlation - Virtualization
      ... combinations that operating systems and applications respond improperly ... IDS alerts / second - Correlation - Virtualization ... any IPS has to do IDS first. ...
      (Focus-IDS)
    • RE: IDS alerts / second - Correlation - Virtualization
      ... If you take a proper IPS, and by that I don't mean an IDS that has been ... followed by rate limiting and Layer 4 checks before it ...
      (Focus-IDS)
    • RE: Intrusion Prevention Systems
      ... It seems were calling an reactive IDS and IPS. ... In reality, BlackICE Guard ... IPS is hardly a "test lab device" or unproven technology. ...
      (Focus-IDS)
    • RE: IDS evaluations procedures
      ... An example would be to use an IPS to force all HTTP requests to have the host header www.xyz.com this will stop a significant proportion of HTTP noise before signature matching. ... Conversely with IDS you just don’t have the ability to white list traffic in this way, I guess you could RST any request that didn’t match the URL but I think fragmented buffer overflows and the like could sneak through - so it’s risky. ... Traffic-based anomalies? ... Are you only interested in classic "attacks" (fire up Nessus, ...
      (Focus-IDS)
    • Quantcast