Hi Lily,
Sorry I couldn't reply to your request for more info on the difference
between Attack Mitigation Systems and IPS this morning. As I see it an
Attack Mitigation System blocks through rate based technology whilst an IPS
is more content based. The two technologies are becoming blurred as the
products develop from their embryonic state and provide some coverage of the
others' technology. Though IMHO they still tend to concentrate on their
core business, AMS don't make great IPS and vice versa. Though I have to say
I think the divide is getting ever closer. Unfortunately the vendor
marketeers (you know who you are) will latch onto whichever buzzword is
flavor of that month and will use it to make a sale. The end result is a
mailing list, such as this, full of unsatisfied buyers who were looking
either something to protect their network from hackers who purchased AMS or
products to protect their networks from DDOS and bought IPS.
AMS = http://securitywizardry.com/inline.htm
IPS = http://securitywizardry.com/idsdosmit.htm
The above pages aren't quite up to date, I was hoping to tackle them over
the weekend, but the fervour around this subject warranted their early
disclosure.
Regards
-andy cuff
The Talisker Network Security Portal
http://securitywizardry.com
Computer Network Defence Ltd
-----Original Message-----
From: Lily [mailto:xiaoche111@hotmail.com]
Sent: 17 November 2004 09:39
To: Eric McCarty
Cc: focus-ids@securityfocus.com
Subject: Re: need your help about IPS and IDS,thanks
---
Outgoing mail is certified Virus Free.
Checked by AVG anti-virus system (http://www.grisoft.com).
Version: 6.0.797 / Virus Database: 541 - Release Date: 15/11/2004
--------------------------------------------------------------------------
Test Your IDS
Is your IDS deployed correctly?
Find out quickly and easily by testing it with real-world attacks from
CORE IMPACT.
Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708
to learn more.
--------------------------------------------------------------------------
