Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Focus-IDS
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: need your help about IPS and IDS,thanks

from [Lily] Network Security [Permanent Link]
Subject: Re: need your help about IPS and IDS,thanks
Date: Wed, 17 Nov 2004 17:39:13 +0800 
Thanks for your reply.But I still some question about it:
1.I see 'HIPS creates a baseline of normal activity' and 'NIPS to perform 
pattern-matching between what is known as an attack and the traffic that is 
traversing the network' in the Web of Vigilar.
If the meaning of these two sentences is HIPS can only build the normal model 
to detect while NIPS can use the pattern matching as the IDS?
2. If the 'IPS just knows its an attack which needs to be 
blocked/dropped/reset',what's the meaning of log the traffic?I think the logs 
is no meaning because of the integrity.These type logs can not distinguish any 
known attack. 
3.I am puzzling what technology is used of IDS by IPS?
----- Original Message ----- 
From: "Eric McCarty" <eric@piteduncan.com>
To: "Lily" <xiaoche111@hotmail.com>; <focus-ids@securityfocus.com>
Sent: Wednesday, November 17, 2004 1:00 AM
Subject: RE: need your help about IPS and IDS,thanks


Responses Inline :

1.IPS must build normal model while IDS can use the abnormal
model(misuse detection)?If it is what's the difference between the IDS's
anomaly detection and IPS?

IDS can watch the whole session and figure out whats just happened. IPS
must know long before the session is finished in order to Prevent
anything from happening. 

4.Why someone said IPS can not log the trace of the attacks while IDS
can do?I think IPS can do it easily.Maybe because IPS is in-line and log
the trace needing many time?

The IPS would see the same packets any IDS would, the difference is that
once the IPS figured out the traffic is malicious it takes action. Thus
the IPS log would be up to the point of action being taken, so an IDS
may see the entire flow of traffic and more acurately match the traffic
to a signature of a known attack while the IPS just knows its an attack
which needs to be blocked/dropped/rset. 

So depressed with the IDS/IPS and my thesis is flying in the sky:( Thank
you in advance.

I had this great apricot beer the other day, I highly recommend it. 



Lily

--------------------------------------------------------------------------
Test Your IDS

Is your IDS deployed correctly?
Find out quickly and easily by testing it with real-world attacks from 
CORE IMPACT.
Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708 
to learn more.
--------------------------------------------------------------------------
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  RE: need your help about IPS and IDS,thanks, Andy Cuff
Next by Date:  RE: need your help about IPS and IDS,thanks, Andy Cuff
Previous by Thread:  RE: need your help about IPS and IDS,thanks, Eric McCarty
Next by Thread:  RE: need your help about IPS and IDS,thanks, Andy Cuff
Indexes:  [Date] [Thread] [Top] [All Lists]