Re: definition for Inline IDS/IPS

From: Ravi Kumar (ravivsn_at_rocsys.com)
Date: 09/27/04

  • Next message: Jeremy Gonzales: "Snort"

    Date: Tue, 28 Sep 2004 01:02:01 +0530 (IST)
    To: <vijaik@ctd.hcltech.com>


    Vijai,

    IDS are of two types: HIDS (Host Intrusion Detection System) and NIDS
    (Network Intrusion Detection System).

    An IDS combined with a firewall is an IPS (Intrusion Prevention System). An IPS
    not only detects attacks but prevents them.

    An IPS is said to be an IIPS if it operates inline, in the sense that it takes in
    each and every packet that comes to the network under prevention.

    Prevention is done by closing the connections with TCP Resets in the case of
    TCP, and ICMP destination unreachable in the case of UDP connections, and
    terminating the state in the firewall.

    IIPS is more advantageous than sniffer-mode IDS as it does not miss a
    single packet. But the disadvantages would be the risk of losing genuine
    connections if it's a false positive, and performance degradation.

    Inline IDS, by the name, means it cannot prevent the attacks even though it
    takes in every packet.

    HTH,
    Ravi
    ROCSYS Technologies Ltd
    http://www.rocsys.com

    > Hi folks,
    >
    > Can anybody please clarify for me the functionality definition for inline
    > IDS/IPS? How does it differ from normal IDS operation?
    >
    > I came to know that Inline IDS is nothing but what is called IPS; am I right?
    >
    > Please clear my doubt.
    >
    > Thanks in advance.
    >
    >
    >
    > Regds
    > Vijai.K
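The two modes of operation Ravi contrasts, as an added Python example that is not part of this thread: an inline path where every packet passes through the device and a hit is dropped, answered with a TCP RST (both ends) or an ICMP destination unreachable and its firewall state torn down, beside a sniffer-mode IDS that only sees a copy and can only alert. The signatures, addresses and packets are constructed for illustration, and the signatures are deliberately crude so that a benign help-desk request triggers the false-positive case the post warns about.

```python
from collections import namedtuple
from dataclasses import dataclass, field
# Constructed, deliberately crude signatures: a payload containing one counts as an attack.
SIGNATURES = ("cmd.exe", "/etc/passwd")
Packet = namedtuple("Packet", "proto src dst payload")   # proto is "tcp" or "udp"
def matches(pkt):
    """Return the first signature found in the payload, or None."""
    return next((s for s in SIGNATURES if s.encode() in pkt.payload), None)

def sniffer_mode(packets):
    """Sniffer-mode IDS: works on a copy, can only alert; every packet is still delivered."""
    alerts = [(p.src, p.dst, sig) for p in packets if (sig := matches(p)) is not None]
    return {"delivered": len(packets), "alerts": alerts}

@dataclass
class InlineIPS:
    """Inline IPS: every packet passes through; a hit is dropped and the flow torn down."""
    state: set = field(default_factory=set)        # live firewall flows, both directions
    blocked: set = field(default_factory=set)      # flows whose state was torn down
    forwarded: list = field(default_factory=list)
    responses: list = field(default_factory=list)  # injected (kind, from, to)
    def process(self, pkt):
        flow, rev = (pkt.proto, pkt.src, pkt.dst), (pkt.proto, pkt.dst, pkt.src)
        if flow in self.blocked:
            return "drop:no-state"                  # remainder of a torn-down flow
        self.state.update({flow, rev})
        sig = matches(pkt)
        if sig is None:
            self.forwarded.append(pkt)
            return "forward"
        if pkt.proto == "tcp":                      # TCP: RST to both endpoints
            self.responses += [("RST", pkt.dst, pkt.src), ("RST", pkt.src, pkt.dst)]
        else:                                       # UDP: ICMP unreachable back to sender
            self.responses.append(("ICMP-unreach", pkt.dst, pkt.src))
        self.state -= {flow, rev}                   # terminate the firewall state
        self.blocked |= {flow, rev}
        return f"drop:{sig}"

def run_demo():
    srv = "192.0.2.10:80"
    traffic = [  # constructed sample traffic; the 4th packet is a benign false positive
        Packet("tcp", "10.0.0.5:40001", srv, b"GET /index.html HTTP/1.0\r\n"),
        Packet("tcp", "10.0.0.6:40002", srv, b"GET /../../etc/passwd HTTP/1.0\r\n"),
        Packet("udp", "10.0.0.7:5555", "192.0.2.20:69", b"\x00\x01cmd.exe\x00octet\x00"),
        Packet("tcp", "10.0.0.8:40003", srv, b"POST /ticket\r\n\r\nwhy is /etc/passwd readable?"),
        Packet("tcp", "10.0.0.8:40003", srv, b"POST /ticket\r\n\r\n(continued) please advise"),
    ]
    ips = InlineIPS()
    verdicts = [ips.process(p) for p in traffic]
    return verdicts, ips, sniffer_mode(traffic)
```

The sniffer delivers all five packets and raises three alerts, while the inline device forwards only the first packet and also drops the continuation of the help-desk flow, which is the lost genuine connection the post describes.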


