RE: need your help about IPS and IDS,thanks

From: Andy Cuff (lists_at_securitywizardry.com)
Date: 11/17/04

    To: "'Lily'" <xiaoche111@hotmail.com>, "'Eric McCarty'" <eric@piteduncan.com>
    Date: Wed, 17 Nov 2004 21:58:07 -0000
    
    

    Hi Lily,
    Sorry I couldn't reply to your request for more info on the difference
    between Attack Mitigation Systems and IPS this morning. As I see it an
    Attack Mitigation System blocks through rate based technology whilst an IPS
    is more content based. The two technologies are becoming blurred as the
    products develop from their embryonic state and provide some coverage of the
    others' technology. Though IMHO they still tend to concentrate on their
    core business, AMS don't make great IPS and vice versa. Though I have to say
    I think the divide is getting ever closer. Unfortunately the vendor
    marketeers (you know who you are) will latch onto whichever buzzword is
    flavor of that month and will use it to make a sale. The end result is a
    mailing list, such as this, full of unsatisfied buyers who were looking
    either for something to protect their network from hackers and purchased
    AMS, or for products to protect their networks from DDOS and bought IPS.

    AMS = http://securitywizardry.com/inline.htm
    IPS = http://securitywizardry.com/idsdosmit.htm

    The above pages aren't quite up to date, I was hoping to tackle them over
    the weekend, but the fervour around this subject warranted their early
    disclosure.

       Regards
       -andy cuff
    The Talisker Network Security Portal
    http://securitywizardry.com
    Computer Network Defence Ltd

    -----Original Message-----
    From: Lily [mailto:xiaoche111@hotmail.com]
    Sent: 17 November 2004 09:39
    To: Eric McCarty
    Cc: focus-ids@securityfocus.com
    Subject: Re: need your help about IPS and IDS,thanks

     

    
