



Network Security Focus-IDS

RE: need your help about IPS and IDS,thanks

Date: Mon, 22 Nov 2004 08:51:11 +0530

Chris Peterson wrote:

> Lily, I think of IPS as IDS with the ability to take action.  Both IPS
> and IDS have techniques for detecting malicious activity and most
> commercial products use a combination:

I agree with everything Chris said.  There's just one point on the IPS/IDS
difference that I'd like to highlight because it often seems to get missed
in this particular recurring debate.  That's the issue of evasion
resistance.  An inline IPS has a much broader range of options open to it
because it can actually normalize the traffic.  E.g., if there are weird
overlapping retransmissions, the IPS can pick one and only allow that
through.  By contrast, an IDS that is not inline is forced to somehow deduce
(or guess) which one might have made it to the end-host and actually been
accepted (which tends to mean it needs a lot of information about the
end-hosts to really do a good job).

Stuart.  

Stuart Staniford, Principal Scientist
Nevis Networks
stuart@nevisnetworks.com
408-327-4652
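
The overlap ambiguity described in the message above, as an added example that is not part of the original post: a toy model showing that the same overlapping segments reassemble differently depending on the end-host's policy, while an inline normalizer that forwards each byte only once leaves a single possible stream. Stream offsets stand in for TCP sequence numbers, and the "first"/"last" policies, function names and sample segments are assumptions made for illustration.

```python
from typing import Dict, List, Tuple

Segment = Tuple[int, bytes]  # (stream offset, payload), listed in arrival order

# Constructed sample: two retransmissions overlap data that was already sent.
SEGMENTS: List[Segment] = [(0, b"HELLO "), (6, b"WOR"), (8, b"XLD"), (6, b"THERE")]


def reassemble(segments: List[Segment], policy: str) -> bytes:
    """Rebuild the stream as an end-host with the given overlap policy would.

    "first": the copy of a byte that arrived first wins.
    "last":  a later copy overwrites an earlier one.
    """
    if policy not in ("first", "last"):
        raise ValueError("unknown policy: " + policy)
    stream: Dict[int, int] = {}
    for offset, data in segments:
        for i, byte in enumerate(data):
            pos = offset + i
            if policy == "last" or pos not in stream:
                stream[pos] = byte
    out, pos = bytearray(), 0
    while pos in stream:  # deliver contiguous data only, stop at the first gap
        out.append(stream[pos])
        pos += 1
    return bytes(out)


def normalize(segments: List[Segment]) -> List[Segment]:
    """Inline normalizer: forward every stream position exactly once.

    Bytes overlapping data that was already forwarded are trimmed, so the
    end-host's overlap policy no longer influences what it reassembles.
    """
    seen = set()
    forwarded: List[Segment] = []
    for offset, data in segments:
        run_start, run = offset, bytearray()
        for i, byte in enumerate(data):
            pos = offset + i
            if pos in seen:  # overlap: flush what we have and skip this byte
                if run:
                    forwarded.append((run_start, bytes(run)))
                    run = bytearray()
                run_start = pos + 1
            else:
                seen.add(pos)
                run.append(byte)
        if run:
            forwarded.append((run_start, bytes(run)))
    return forwarded
```

A passive sensor looking at `SEGMENTS` has to know which policy the destination uses to pick the right stream; after `normalize`, both policies give the same bytes.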




