Re: IPS, alternative solutions

From: Alex Butcher, ISC/ISYS (Alex.Butcher_at_bristol.ac.uk)
Date: 09/15/04

  • Next message: Scott Wimer: "Re: IPS, alternative solutions"
    Date: Wed, 15 Sep 2004 16:43:57 +0100
    To: focus-ids@securityfocus.com
    
    

    --On 14 September 2004 10:01 +0000 Daniel <deeper@gmail.com> wrote:

    >
    >
    > So far there has been a load of talk discussing which is the better
    > technology. Personally i dont think IPS is ready for the big time. Yeah
    > its great for small mum and dad networks, but for large financial
    > networks with billions of pounds flowing across them, would you trust a
    > technology to think and block what it seems as bad traffic?

    Certainly that's a risk with limited-accuracy signatures that are
    commonplace today.

    > So what are the alternatives?
    >
    > I'd say more host based protection such as:
    >
    > - Stack protection
    >
    > - Application level firewalls (ModSecurity/SecureIIS)

    These two technologies are often included in Host IPS products.

    > - Host based firewalls

    Useful, but won't help in isolation (e.g. user receives a 0-day worm via a
    email attachment to their hotmail account and runs it; or, loads a
    malicious JPG image with an application that's vulnerable to MS04-28)

    Best Regards,
    Alex.

    -- 
    Alex Butcher: Security & Integrity, Personal Computer Systems Group
    Information Systems and Computing             GPG Key ID: F9B27DC9
    GPG Fingerprint: D62A DD83 A0B8 D174 49C4 2849 832D 6C72 F9B2 7DC9
    --------------------------------------------------------------------------
    Test Your IDS
    Is your IDS deployed correctly?
    Find out quickly and easily by testing it with real-world attacks from CORE IMPACT.
    Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708 to learn more.
    --------------------------------------------------------------------------
    

  • Next message: Scott Wimer: "Re: IPS, alternative solutions"

    Relevant Pages

    • RE: Intrusion Prevention Systems - New Generation (new technologi es)
      ... Most of the current intrusion detection techniques/technologies are not ... These kinds of capabilities will provide good IPS. ... I still consider IDS an immature technology. ... In reality, BlackICE Guard (now ...
      (Focus-IDS)
    • RE: Intrusion Prevention Systems
      ... It seems were calling an reactive IDS and IPS. ... In reality, BlackICE Guard ... IPS is hardly a "test lab device" or unproven technology. ...
      (Focus-IDS)
    • Re: IPS, alternative solutions
      ... I have the impression that some of the alternatives to IPS you mentioned ... Parts of the market have matured (network ... implementations (in-line protocol decoding and blocking/active response ... an often deployed technology at this time is ...
      (Focus-IDS)
    • RE: How to choose an IDS/FW MSS provider
      ... When I say "old hat" I am not disparaging the technology or vendors in any ... I donít think IPS is going to curl up and die at the ... aware of who are talking with switch manufacturers on this very topic. ...
      (Focus-IDS)
    • Re: ANN: ERP Framework Components 1.0 released
      ... well, you're right, but it is actually not a quite new technology, i write ... some years ago (the basics) and now I mostly created nice components around ... basically you drop the ManagerContainer on the MainForm and let them load at ... If you create a form through a dynamic function, ...
      (borland.public.delphi.thirdpartytools.general)