Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Focus-IDS
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: definition for Inline IDS/IPS

from [Graeme Connell] Network Security [Permanent Link]
Subject: Re: definition for Inline IDS/IPS
Date: Mon, 27 Sep 2004 15:25:42 -0400
By my understanding, an inline IDS or IPS actually has packets pass through it as opposed to passively sniffing packets on a network. And because packets going from one location to another must pass THROUGH the inline IDS, the possibility opens up to modify traffic on a packet-by-packet basis. Therefore, not only can attacks be detected; they can actually be nullified by modifying packet payload.
Regarding the IDS/IPS definition, if an inline IDS actually DOES modify packets to nullify attacks instead of just alerting of suspicious activity, it becomes an IPS. In that case, it is actually PREVENTING attacks from succeeding. I should note that ALL inline intrusion detection systems that I've heard of are IPS. But that doesn't mean, I don't think, that you couldn't have just an inline IDS.

      --Graeme Connell

Vijai K (Infosec) - CTD, Chennai. wrote:

Hi folks ,

can anybody pls clarify me the functionality definition for inline
IDS/IPS??How it differ from normal IDS operation??

i came to know that Inline IDS is nothing called as IPS ,am i rite.

pls clear my doubt..

thanx in advance 



Regds
Vijai.K



DISCLAIMER This message and any attachment(s) contained here are information that is
confidential, proprietary to HCL Technologies and its customers. Contents
may be privileged or otherwise protected by law. The information is solely
intended for the individual or the entity it is addressed to. If you are not
the intended recipient of this message, you are not authorized to read,
forward, print, retain, copy or disseminate this message or any part of it.
If you have received this e-mail in error, please notify the sender
immediately by return e-mail and delete it from your computer.



--------------------------------------------------------------------------
Test Your IDS

Is your IDS deployed correctly?
Find out quickly and easily by testing it with real-world attacks from CORE 
IMPACT.
Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708 to 
learn more.
--------------------------------------------------------------------------





--------------------------------------------------------------------------
Test Your IDS

Is your IDS deployed correctly?
Find out quickly and easily by testing it with real-world attacks from CORE 
IMPACT.
Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708 to 
learn more.
--------------------------------------------------------------------------

[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: free hIDS, or system assessment tools, Graeme Connell
Next by Date:  RE: IPS, alternative solutions, Stuart Staniford
Previous by Thread:  definition for Inline IDS/IPS, Vijai K (Infosec) - CTD, Chennai.
Next by Thread:  Re: definition for Inline IDS/IPS, Ravi Kumar
Indexes:  [Date] [Thread] [Top] [All Lists]