H/N IPS -what is there?

Hi
I posted this a few days back on fw-wiz but it never appeared, if it does, please accept my apologies for cross posting, with the current thread on Prevention Systems it seemed appropriate

It's that time when I need to seriously look at updating the site. http://www.networkintrusion.co.uk
Two new categories will be Host and Network Intrusion Prevention Systems, or to be more precise Corporate IPS.

Firstly the definitions; by Corporate I mean that they can be managed remotely and they will report into a central console ie not just the local host.

Intrusion Prevention System (IPS). More proactive than the traditional IDS, they actively block traffic deemed as malicious, almost like a firewall but using IDS techniques to block an attack.

Host IPS. A HIPS will block an attack aimed at the Host upon which it is situated, previous names for a HIPS have included Network Node IDS (NNIDS) or personal firewall. To quote nss
"It binds closely with the operating system kernel and services, monitoring and intercepting system calls to the kernel or APIs in order to prevent attacks".
A HIPS should not to be confused with a HIDS which looks at the host Event or Sys logs, though many HIPS incorporate HIDS and File Integrity Checking. examples of HIPS are: Entercept and Intrusion's SHS (Stormwatch)

Network IPS. What used to be called an inline IDS, it's an IDS with 2 interfaces, it will block those packets that trigger the criteria laid down by the IDS. examples TippingPoint UnityOne and RealSecure Guard

I'm hoping to get the pages up with a general overhaul over Christmas, my real job is keeping me too busy these days, so many incidents, so little time!

Do you need help?

In addition to our free technical library, Pantek provides professional IT services to companies who utilize Open Source software: Learn more about Pantek's Technical Support offerings Place an order for 24/7/365 Technical Support here Learn more about Pantek, who we are, and what we do Chat with a Live Operator Related securityfocus.com Links bugtraq certification focus-bsd focus-ids focus-ih focus-linux focus-ms focus-sun focus-unix-other focus-virus forensics incidents libnet linux-secnews ms-secnews pen-test secpapers secprog sectools secureshell security-basics securityjobs sf-news vuln-dev webappsec Request more information about Pantek

I'm looking for a good starting place and therefore looking for lists containing HIPS and NIPS to start me off on the research, in return I will collate all the information and feed a summary back into the list.

Bibliography: NSS http://www.nss.co.uk who have just published a review on gigabit IDS

take care, and cheers for any time you can spare -andy
Taliskers Network Security Tools
http://www.networkintrusion.co.uk Received on Thu Dec 12 17:17:26 2002