RE: Hi, I want to study IPS

From: infor) urko zurutuza (uzurutuza_at_eps.mondragon.edu)
Date: 07/13/04

  • Next message: Chris Petersen: "RE: Hi, I want to study IPS"
    Date: Tue, 13 Jul 2004 17:26:49 +0200
    To: <focus-ids@securityfocus.com>
    
    

    Hi all,

    Continuing with these questions, we are planning a laboratory for
    research in the university.

    What do you think the computer requirements are for network-based
    anomaly detection research?

    Urko

    > -----Original Message-----
    > From: Ali Rajput [mailto:arajput@hdaar.com]
    > Sent: Tuesday, 25 May 2004 17:10
    > To: focus-ids@securityfocus.com
    > Subject: Re: Hi, I want to study IPS
    >
    > Hi,
    > My name is Muhammad Ali Rajput,
    > It's good to hear that you want to study IPS. One thing you can do is
    > visit www.sans.org; here you can find information to get started.
    > IPS is quite a new concept but nothing is impossible, maybe your 20
    > minute idea can work.
    > Presently I am working on a host-based IDS (for Windows 2000 Pro) to
    > submit as a degree project.
    > You can mail me back if you need any information regarding this.
    >
    > On Tuesday 25 May 2004 07:29, Runion Mark A FGA DOIM WEBMASTER(ctr) wrote:
    > > Vaporwar-ish, or vapor-ware-ish?
    > >
    > > IPS is a wonderful concept. The few working incidents I've worked
    > > with are much larger scale, and use a more structured network. The
    > > concept discussed here as "IPS" is terribly limited if only
    > > implemented as a standalone piece of a network security wall.
    > >
    > > Consider using IDS on LAN segments comprising pieces of the inbound
    > > and outbound traffic lanes in a network. These systems push gathered
    > > data to a control center (distributed if you can afford it). The
    > > control center monitors and tracks applicant data across the entire
    > > network (imagine a telco that might own the entire US data backbone).
    > > The control center might have various means of monitoring, tracking,
    > > and escalation for various in-process attacks. The notion that a
    > > distributed Denial of Service cannot be stopped is a bit out of date.
    > > Many are, but it is always a credible legal issue.
    > >
    > > Imagine Johnny the Scumbag, sitting in his apartment on 46th street.
    > > Starts his attack using <insert pathetic script here>, and sits back
    > > to see the results. 10 seconds later his cable modem stops
    > > transmitting. 20 minutes later, there is a knock on the front door;
    > > the Police would like to chat. Okay, so the police actually getting
    > > there in 20 minutes is voyeuristic, but it could happen, maybe...
    > >
    > > -
    > > Mark Runion
    > >
    > > "Vapor trails are what novices try to follow, though never noticed
    > > by those who do it."
    > >
    > >
    > > -----Original Message-----
    > > From: Raistlin [mailto:raistlin@gioco.net]
    > > Sent: Saturday, May 22, 2004 1:49 PM
    > > To: Greg Martin; focus-ids@securityfocus.com
    > > Subject: Re: Hi, I want to study IPS
    > >
    > > Greg Martin wrote:
    > > > Some vendors use a baseline of the network and take
    > > > action if the baseline changes drastically.
    > >
    > > Examples ?
    > >
    > > > Some use a 'negative
    > > > space' technique which allows only valid traffic and considers all
    > > > other traffic as a dos and drops it completely.
    > >
    > > Again, examples ?
    > >
    > > IMHO IPS are nothing more than an integration of a firewall and an
    > > IDS concept. As such, they are rather fuzzy and vaporwar-ish enough
    > > to be very marketable.
