Re: [Snort-users] Re: [Snort-devel] IDS vs IPS

From: Jason <security(at)brvenik.com>
Date: Wed Aug 27 2003 - 23:16:55 EDT

Thanks, I think the matrix shows fairly well that the _new IPS_ is a natural evolution of the existing firewall.

This is important to point out because there are existing investments in firewalls and these firewalls are rapidly closing the gap where needed. I know that CP has been moving in this direction for a while. It has also been my experience that they have been moving at an appropriate pace and the capabilities have been there when I've needed them.

One final statement. You do not need the firewall to log content if you have an IDS that you can trust will not have a direct impact on the business should it be too critical of the data.

You can also have confidence in your firewall because your IDS verifies what you told the firewall to do and covers your arse when you let something by because of business requirements or a human error.

Frank Knobbe wrote:

> On Wed, 2003-08-27 at 18:36, Jason wrote:

>>Bob Walder wrote:
>>
>>>My 0.02 worth is that a Network IPS (NIPS) is a device with two
>>>interfaces that operates in-line to detect suspicious traffic and
>>>INSTANTLY discard the offending packet and the rest of the suspicious
>>>flow.
>>
>>What we have here is a definition of an IPS that matches pretty closely
>>what firewalls have been able to do for some time.

>
>
>
> Not quite. There are difference in the way firewalls and intrusion

---

This sf.net email is sponsored by:ThinkGeek Welcome to geek heaven.
http://thinkgeek.com/sf

---

Snort-devel mailing list
Snort-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/snort-devel Received on Wed Aug 27 23:32:05 2003