Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Focus-IDS
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: definition for Inline IDS/IPS

from [Ravi Kumar] Network Security [Permanent Link]
Subject: Re: definition for Inline IDS/IPS
Date: Tue, 28 Sep 2004 01:02:01 +0530 (IST) 
Vijai,

IDS are of two types- HIDS( Host Intrusion detection system) and NIDS(
Network Intrusion detection system)

IDS combined with firewall is IPS( Intrusion prevention system). IPS not
only detects attacks but prevents them.

IPS is said to be IIPS if it operates inline. In the sense, it takes in
each and every packet that comes to the network under prevention.

Prevention is done by closing away the connections with TCP Resets in case
of TCP and ICMP destination unreachable in case of UDP connections and
terminationg the state in the firewall.

IIPS is more advantageous than sniffer mode IDS as it does not miss a
single packet. But the disadvantage would be risk of loss in genuine
connections if its a false positive and performance degradation.

Inline IDS by the name means it cannot prevent the attacks even though it
takes in every packet.

HTH,
Ravi
ROCSYS Technologies Ltd
http://www.rocsys.com




Hi folks ,

can anybody pls clarify me the functionality definition for inline
IDS/IPS??How it differ from normal IDS operation??

i came to know that Inline IDS is nothing called as IPS ,am i rite.

pls clear my doubt..

thanx in advance



Regds
Vijai.K



DISCLAIMER
This message and any attachment(s) contained here are information that
is confidential, proprietary to HCL Technologies and its customers.
Contents may be privileged or otherwise protected by law. The
information is solely intended for the individual or the entity it is
addressed to. If you are not the intended recipient of this message, you
are not authorized to read, forward, print, retain, copy or disseminate
this message or any part of it. If you have received this e-mail in
error, please notify the sender immediately by return e-mail and delete
it from your computer.



--------------------------------------------------------------------------
Test Your IDS

Is your IDS deployed correctly?
Find out quickly and easily by testing it with real-world attacks from
CORE IMPACT. Go to
http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708 to
learn more.
--------------------------------------------------------------------------





--------------------------------------------------------------------------
Test Your IDS

Is your IDS deployed correctly?
Find out quickly and easily by testing it with real-world attacks from CORE 
IMPACT.
Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708 to 
learn more.
--------------------------------------------------------------------------
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  RE: IPS, alternative solutions, Stuart Staniford
Next by Date:  Re: IPS, alternative solutions, Thomas Ptacek
Previous by Thread:  Re: definition for Inline IDS/IPS, Graeme Connell
Next by Thread:  IDS Sensor operation, Vijai K (Infosec) - CTD, Chennai.
Indexes:  [Date] [Thread] [Top] [All Lists]