Re: definition for Inline IDS/IPS

From: Graeme Connell (gconnell_at_middlebury.edu)
Date: 09/27/04

    Date: Mon, 27 Sep 2004 15:25:42 -0400
    To: "Vijai K (Infosec) - CTD, Chennai." <vijaik@ctd.hcltech.com>
    
    

    By my understanding, an inline IDS or IPS actually has packets pass
    through it as opposed to passively sniffing packets on a network. And
    because packets going from one location to another must pass THROUGH the
    inline IDS, the possibility opens up to modify traffic on a
    packet-by-packet basis. Therefore, not only can attacks be detected;
    they can actually be nullified by modifying packet payload.
        Regarding the IDS/IPS definition, if an inline IDS actually DOES
    modify packets to nullify attacks instead of just alerting of suspicious
    activity, it becomes an IPS. In that case, it is actually PREVENTING
    attacks from succeeding. I should note that ALL inline intrusion
    detection systems that I've heard of are IPS. But that doesn't mean, I
    don't think, that you couldn't have just an inline IDS.

           --Graeme Connell

    Vijai K (Infosec) - CTD, Chennai. wrote:

    >Hi folks,
    >
    >Can anybody please clarify for me the functionality definition for inline
    >IDS/IPS? How does it differ from normal IDS operation?
    >
    >I came to know that inline IDS is nothing but what is called IPS, am I right?
    >
    >Please clear my doubt.
    >
    >Thanks in advance
    >
    >Regards
    >Vijai.K

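The distinction drawn in the reply above, as an added example that is not part of the original thread: a small Python model in which the sensor's placement (inline or passive) and its policy (alert only or rewrite the payload) are separate switches. The names Sensor, deliver and run and the BAD-PATTERN marker are constructed for illustration.

```python
from dataclasses import dataclass

# Constructed marker standing in for a signature match; not a real attack pattern.
SIGNATURE = b"BAD-PATTERN"


@dataclass
class Sensor:
    inline: bool     # True: packets pass through the sensor; False: it sniffs a copy
    prevent: bool    # True: rewrite matched payload (IPS); False: alert only (IDS)
    alerts: int = 0

    def inspect(self, payload: bytes) -> bytes:
        """Return the payload this sensor would emit after inspection."""
        if SIGNATURE not in payload:
            return payload
        self.alerts += 1
        if self.prevent:
            # Overwrite the match with filler of equal length so the packet
            # size is unchanged. A real inline device would also have to
            # recompute checksums; that step is left out of this model.
            return payload.replace(SIGNATURE, b"x" * len(SIGNATURE))
        return payload


def deliver(payload: bytes, sensor: Sensor) -> bytes:
    """Send one packet from source to destination past the sensor."""
    emitted = sensor.inspect(payload)
    # Inline: the destination receives whatever the sensor emits.
    # Passive: the sensor only saw a copy, so the original arrives untouched.
    return emitted if sensor.inline else payload


def run(inline: bool, prevent: bool, payload: bytes):
    """Return (payload received by the destination, number of alerts raised)."""
    sensor = Sensor(inline=inline, prevent=prevent)
    return deliver(payload, sensor), sensor.alerts


if __name__ == "__main__":
    pkt = b"GET /index.html?q=BAD-PATTERN HTTP/1.0"   # constructed sample packet
    for name, inline, prevent in (("passive IDS", False, False),
                                  ("inline IDS", True, False),
                                  ("inline IPS", True, True),
                                  ("passive + prevent", False, True)):
        received, alerts = run(inline, prevent, pkt)
        print(f"{name:18} alerts={alerts} delivered={received!r}")
```

The last case shows that a prevention policy on a passive sensor changes nothing at the destination: the rewrite only takes effect when the sensor sits in the packet path.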

