Re: AW: General term for Gateway IDS, IDP, IPS ...

From: stefmit <stefmit(at)comcast.net>
Date: Fri Jun 06 2003 - 08:12:43 EDT

IMHO: Yes and no - *inline* implies *something in-between*, while some I(ntrusion)P(revention)S(ystems) may just passively "watch" traffic "sitting on a stick", learning from the behavioral pattern of traffic they "see" passing by (base-line - if you will), then act appropriately when that pattern is identified as "out-of-<include_your_rules_here>boundaries". In other words I would see inline-IDS belonging (not equivalent!) to the family of IPS.

Now - coming back to the original question: the *gateway IDS* is (IMHO, again - and I fully agree with you, here) what you would call inline-IDS (i.e. a "sort-of" IPS), because it assumes traffic flowing *through* it (thus *inline*), and acting upon it (thus the prevention part, vs. the more passive detection-only, as the regular IDS would do).

Does this even make sense?!? ;)

Stef

On Thursday 05 June 2003 01:56 am, Liesen, Detmar (LDS) wrote:
> Although people call their products "Intrusion Prevention Systems" this is
<snip>
> So a general term for this kind of systems could be the term In-Line-IDS,
<snip>
>
> -----Ursprungliche Nachricht-----

---

INTRUSION PREVENTION: READY FOR PRIME TIME? IntruShield now offers unprecedented Intrusion IntelligenceTM capabilities - including intrusion identification, relevancy, direction, impact and analysis - enabling a path to prevention.

Download the latest white paper "Intrusion Prevention: Myths, Challenges, and Requirements" at: http://www.securityfocus.com/IntruVert-focus-ids2

---

Received on Fri Jun 6 12:25:47 2003