Re: [Snort-users] Re: [Snort-devel] IDS vs IPS
From: Jason <security(at)brvenik.com>
Date: Fri Aug 29 2003 - 00:14:16 EDT

I disagree with the statement that firewalls are about policy enforcement. Traditional firewalls are about access control, this access control can be used for policy enforcement or it can be validation or it can be any number of other things.

The firewall has evolved and splintered several times. There are packet filtering firewalls, stateful firewalls, proxy based firewalls, and now what I would call inspection firewalls. Within each segment you have additional capabilities. There is mixing and matching of these capabilities all over the place and the better players in the market already do all of these functions to some degree. Policy enforcement is but a little piece of the firewall picture.

Because of this I still assert that the new IPS is the natural evolution of these capabilities and that the better suited players are the software based products that are free to adapt without changing hardware and developing new platforms. Simply put I think it is a lot easier for a software based solution to adapt to the case where the reward overcomes the risk.

A few of the new vendors were mentioned as being positioned well for this change, I would ask why then is the positioning for those products buy now and you will already have it when it is ready for prime time? I would rather spend that capital elsewhere and wait the same amount of time for my existing firewalls to be ready.
Bob Walder wrote:
Snort-devel mailing list Snort-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/snort-devel

Received on Fri Aug 29 00:43:14 2003