Network Security: Detailed info on RE: IDS vs. IPS deployment feedback

Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.

Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.

Network Security Focus-IDS

[Top] [All Lists]

RE: IDS vs. IPS deployment feedback

from [Basgen, Brian] Network Security

[Permanent Link]

Subject:	RE: IDS vs. IPS deployment feedback
Date:	Thu, 6 Apr 2006 10:44:24 -0700

 
 I'm new to the list, but this flame war is a bit odd. This is an IDS list,
yet the usefulness of IDS is being dismissed?

 This debate could generate some interesting data. In snort, for example,
there are around 5,759 rules (3/31/2006, non-subscription rule base). I
don't have the metrics on hand of how many rules commercial IPS's deploy on
by default (and how many total can be turned on), but I'd guess it is around
500. I'd be interested to know those numbers, if someone has them. A vendor
comparison of rules could also be interesting. 

 What I draw from this ratio is that some 90% of attacks can get through an
IPS solution. That doesn't invalidate the IPS anymore than the IPS
invalidates a firewall, but it does indicate to me that IDS plays an
essential role. 

~~~~~~~~~~~~~~~~~~
Brian Basgen
IT Security Architect
Pima Community College

smime.p7s
Description: S/MIME cryptographic signature

[More messages with this same subject...]

<Prev in Thread]	Current Thread	[Next in Thread>
RE: IDS vs. IPS deployment feedback, Devdas Bhagat Re: IDS vs. IPS deployment feedback, Will Metcalf Re: IDS vs. IPS deployment feedback, Jean-Philippe Luiggi RE: IDS vs. IPS deployment feedback, Andrew Plato Re: IDS vs. IPS deployment feedback, Will Metcalf Re: IDS vs. IPS deployment feedback, Stefano Zanero RE: IDS vs. IPS deployment feedback, Basgen, Brian <= RE: IDS vs. IPS deployment feedback, Andrew Plato RE: IDS vs. IPS deployment feedback, Alan Shimel Re: IDS vs. IPS deployment feedback, Eric Hines RE: IDS vs. IPS deployment feedback, Andrew Plato Re: IDS vs. IPS deployment feedback, Richard Bejtlich Re: IDS vs. IPS deployment feedback, Paul Schmehl Re: IDS vs. IPS deployment feedback, Aaron Re: IDS vs. IPS deployment feedback, Stefano Zanero Re: IDS vs. IPS deployment feedback, Thomas Choi Re: IDS vs. IPS deployment feedback, Aaron

Previous by Date:	Re: IDS vs. IPS deployment feedback, Will Metcalf
Next by Date:	RE: IDS vs. IPS deployment feedback, Andrew Plato
Previous by Thread:	Re: IDS vs. IPS deployment feedback, Stefano Zanero
Next by Thread:	RE: IDS vs. IPS deployment feedback, Andrew Plato
Indexes:	[Date] [Thread] [Top] [All Lists]