El miC), 18 de 08 de 2004 a las 20:27, Fulp, J.D. USA escribiC3:
Hi Jacob,
Here's the way I see it:
1. Firewalls filter
2. IDSs alarm
3. Both Firewalls and IDSs have to have "some" degree of "smarts" to
be able to do their
respective jobs.
6. Since both filtering devices (e.g., routers and firewalls) and IDS
devices need to be "smart"
enough to detect foul play.... why not admit the obvious and
combine the two technologies?
This is why the NEW buzz tech these days is IPS (Intrusion
Prevention Systems)-- that is; if
you're smart enough to flag traffic as an intrusion attempt... then
why not block it!! Duh.
You will also see this new tech referred to as IDP (Intrusion
Detection and Prevention).
I don't agree with point 6.Firewalls block packets without knowing
almost anything about the content of the packet, so they are very
effective in the work they have to do. IPS have to decode the packets
and inspect their content, they are slow, prone to errors and over all
not very effective for every packet.
The ideal if what people is using today. You have your firewall that
does it's works perfectly and then you send the traffic the firewall
have allowed (like traffic to/from port 80/21/etc) to the IPS, that
decodes only this sessions and tells the firewall if the session have
to be accepted or denied.
I think a mix of a firewall and an IPS it's the future, not a more
effective IPS.
--
Jose Maria Lopez Hernandez
Director Tecnico de bgSEC
jkerouac@bgsec.com
bgSEC Seguridad y Consultoria de Sistemas Informaticos
http://www.bgsec.com
ESPAÃA
The only people for me are the mad ones -- the ones who are mad to live,
mad to talk, mad to be saved, desirous of everything at the same time,
the ones who never yawn or say a commonplace thing, but burn, burn, burn
like fabulous yellow Roman candles.
-- Jack Kerouac, "On the Road"
