Re: IPS, alternative solutions
Johann_van_Duyn_at_bat.com
Date: 09/15/04
- Previous message: Jason Haar: "Re: Wishlist for IPS Products"
- Maybe in reply to: Daniel: "IPS, alternative solutions"
- Next in thread: Alex Butcher, ISC/ISYS: "Re: IPS, alternative solutions"
To: focus-ids@securityfocus.com
Date: Wed, 15 Sep 2004 17:17:50 +0200
Good point regarding the host based protection. Patrick Evans, MEA Manager
for Symantec, once shared Symantec's view on intrusion prevention, and, in
short, it goes something like this:
IPS is more than just inline or "active" IDS: it is a combination of
technologies, people and processes that ensure that machines and the
applications running on them are resistant to, able to recognize and able
to recover from attack (anyone read Carnegie-Mellon's Survivable Systems
Analysis papers lately... it's been around a while, but it's good stuff,
and that's what I call real intrusion prevention). This means a
combination of good practices, config and dev standards, gateway security,
network security, host security and application security measures and
measuring/auditing capabilities.
It's not a popular notion, though... the marketing types don't find it as
sexy telling you to get your act together and do things the right way as
they do telling you that they have one box that solves all your security
problems.
Using IPS is cool, but only if you're using it as a small cog in a larger
security machine that makes sense as a complete protective system.
Just my R0.02. :-)
--------------------------------------------------------
J o h a n n v a n D u y n
--------------------------------------------------------
Daniel <deeper@gmail.com>
14-09-2004 12:01
To: focus-ids@securityfocus.com
cc:
Subject: IPS, alternative solutions
So far there has been a load of talk discussing which is the better
technology. Personally I don't think IPS is ready for the big time. Yeah,
it's great for small mum and dad networks, but for large financial networks
with billions of pounds flowing across them, would you trust a technology
to think and block what it seems as bad traffic?
So what are the alternatives?
I'd say more host based protection such as:
- Stack protection
- Application level firewalls (ModSecurity/SecureIIS)
- Host based firewalls
I'm interested to see what everyone else feels are alternatives to IPS