Re: IPS technology question.

From: huy tran (ccna1998_at_yahoo.com)
Date: 08/25/05

    Date: Wed, 24 Aug 2005 15:42:08 -0700 (PDT)
    To: snort user <snort.user@gmail.com>, focus-ids@securityfocus.com

    Hello.
    I just recently worked on an IPS project and here is
    some info based on that work. This is kind of
    a roundabout answer to your question.
    I am aware of about 30 major IPS (or IDS claiming to
    have IPS functionality).
    For the most part all are PC based.
    The few major players that are ASIC/FPGA that I
    remember off the top of my head are: McAfee,
    TippingPoint, Radware...

    Question 1: In my opinion, the split is about 75% CPU
    based and 25% ASIC/FPGA based. However, this is
    trending toward ASIC/FPGA to address the
    throughput requirement.
     
    Question 2: I am not sure if I understand this fully.
    Firewalls for the most part work around layer 3/4
    (dealing with IP addresses and ports) whereas IPS works
    at the higher layers (dealing with vulnerabilities such
    as web traffic that is already allowed through the
    firewall). There are some grey areas where an IPS can do
    some firewalling (basic filtering) and a firewall can
    perform deep packet inspection (basic worm/virus
    detection), but I see them as complementary security
    devices.

    IPS state: IPS is different in that it
    needs to be inline and not passive like IDS, so
    adoption by businesses is not as brisk. However, there
    are certain workarounds to mitigate those risks. In my
    opinion, I think IPS will dominate because it can
    actively stop those fast-moving worms like Nimda, SQL
    Slammer, Zotob which could render a large enterprise's
    network in minutes, or at the very least give you some
    breathing room while you leisurely patch your servers.

    Good luck.

    --- snort user <snort.user@gmail.com> wrote:

    > Greetings.
    >
    > What percentage of the IPS systems out there
    > do not use
    > co-processors/FPGA etc.?
    >
    > What percentage of the IPS systems depend on
    > firewalls like iptables
    > and IP Filter?
    >
    > I am just trying to get an idea of what is the state
    > of the art in the IPS
    > technology space.
    >
    > Any information is appreciated.
    >
    > Thanks
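The layer-3/4 versus content-inspection split from Question 2, and the inline (IPS) versus passive (IDS) distinction from the "IPS state" paragraph, as an added example that is not part of the original post: a port-only firewall lets port 80 through, a sensor then matches constructed signatures on the payload, and only inline mode actually drops the packet. The `Packet` class, the signatures and the sample packets are all constructed for this example and are not any vendor's ruleset.

```python
import re
from dataclasses import dataclass

# Constructed packet: the header fields a layer-3/4 firewall sees plus the payload.
@dataclass
class Packet:
    dport: int
    payload: bytes

# Layer-3/4 policy: the firewall decides on ports only and never reads the payload.
ALLOWED_PORTS = {80, 443}

# Hypothetical content signatures (constructed for this example, not a real ruleset).
SIGNATURES = {
    "http-path-traversal": re.compile(rb"^(GET|POST) [^ ]*\.\./", re.M),
    "example-worm-marker": re.compile(rb"EXAMPLE-WORM-MARKER"),
}

def firewall_allows(pkt):
    """Layer-3/4 decision: allow web ports, drop everything else."""
    return pkt.dport in ALLOWED_PORTS

def inspect(pkt):
    """Content inspection: return the names of all signatures the payload matches."""
    return [name for name, rx in SIGNATURES.items() if rx.search(pkt.payload)]

def process(packets, mode="inline"):
    """Run packets through the firewall, then the sensor.

    mode="inline" behaves like an IPS and drops a matching packet;
    mode="passive" behaves like an IDS and only records an alert.
    Returns (delivered_packets, alerts)."""
    delivered, alerts = [], []
    for pkt in packets:
        if not firewall_allows(pkt):
            continue  # dropped at layer 3/4, content never examined
        hits = inspect(pkt)
        if hits:
            alerts.append((pkt.dport, hits))
            if mode == "inline":
                continue  # IPS blocks before delivery
        delivered.append(pkt)  # passive sensor alerts but still lets it through
    return delivered, alerts

# Constructed sample traffic: a non-web port, a clean request, and a traversal attempt
# that the firewall allows (port 80) but the content inspection catches.
SAMPLE = [
    Packet(445, b"\x00\x00\x00\x00"),
    Packet(80, b"GET /index.html HTTP/1.1\r\nHost: www\r\n\r\n"),
    Packet(80, b"GET /static/../../private.txt HTTP/1.1\r\nHost: www\r\n\r\n"),
]
```

Running `process(SAMPLE, "inline")` delivers only the clean request, while `process(SAMPLE, "passive")` delivers both port-80 packets and raises the same single alert.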