
| Subject: | Re: IPS technology question. |
|---|---|
| Date: | Wed, 24 Aug 2005 15:42:08 -0700 (PDT) |

Hello.

I just recently worked on an IPS project and here is some of the info based on that work. This is kind of a roundabout answer to your question.

I am aware of about 30 major IPS (or IDS claiming to have IPS functionality). For the most part all are PC based. The few major players that are ASIC/FPGA that I remember off the top of my head are: McAfee, TippingPoint, Radware...

Question 1: In my opinion, the % is about 75% CPU based and 25% ASIC/FPGA based. However, this is trending toward the ASIC/FPGA to address the throughput requirement.

Question 2: I am not sure if I understand this fully. A firewall for the most part works around layer 3/4 (dealing with IP addresses and ports) whereas an IPS works at the higher layer (dealing with vulnerabilities such as web traffic that is already allowed through the firewall). There are some grey areas where an IPS can do some firewalling (basic filtering) and a firewall can perform deep packet inspection (basic worm/virus detection), but I see them as complementary security devices.

IPS state: IPS is different from the standpoint that it needs to be inline and not passive like IDS, so adoption at businesses is not as brisk. However, there are certain workarounds to mitigate those risks. In my opinion I think IPS will dominate because it can actively stop those fast-moving worms like Nimda, SQL Slammer, Zotob which could render a large enterprise's network in minutes or at the very least give you some breathing room while you leisurely patch your servers.

Good luck.

--- snort user <snort.user@gmail.com> wrote:

Greetings.

What percentage of the IPS systems out there do not use co-processors/FPGA etc.? What percentage of the IPS systems depend on firewalls like iptables and ip filter?

I am just trying to get an idea of what is the state of the art in the IPS technology space. Any information is appreciated.

Thanks