Firewall Wizards mailing list archives
Re: Intrusion Prevention Firewall
From: Gary Flynn <flynngn () jmu edu>
Date: Fri, 29 Mar 2002 13:36:56 -0500
"Marcus J. Ranum" wrote:
I suspect you are referring to "intrusion prevention" - which is a hot new marketing term but basically everything that's being billed as "intrusion prevention" is just firewalling + antivirus with a bit of fresh paint on it.
Perhaps my understanding is naive. I've always thought of firewalls as blindly blocking protocols, addresses, or unsolicited connection attempts according to policy. More of a risk management device minimizing access based on "traffic profiling" if you will, than a device which makes decisions about the hostility of a particular piece of traffic. I've thought of IDS systems as devices able to determine the hostility of a particular piece of traffic, but, unfortunately, mostly as a passive monitor of the process. I'd consider an intrusion prevention system to be one as smart as an IDS with the capability to block associated traffic like a firewall. So I'd be able to allow incoming FTP, telnet, and ssh but the device would stop buffer overflow attempts. And I'd be able to allow incoming HTTP to neophyte Windows 2000 machine owners but the device would block attempts at cmd.exe or default.ida. Proxy based firewalls are probably the closest to what I'm looking for but I was under the impression that they don't have as wide an understanding of intrusion signatures as do IDS boxes and the number of protocols supported by proxies are limited. Am I hopelessly misinformed or outdated? -- Gary Flynn Security Engineer - Technical Services James Madison University Please R.U.N.S.A.F.E. http://www.jmu.edu/computing/runsafe _______________________________________________ firewall-wizards mailing list firewall-wizards () nfr com http://list.nfr.com/mailman/listinfo/firewall-wizards
Current thread:
- Intrusion Prevention Firewall Gary Flynn (Mar 16)
- Re: Intrusion Prevention Firewall Mark Renouf (Mar 17)
- Re: Intrusion Prevention Firewall Inno Eroraha (Mar 29)
- <Possible follow-ups>
- RE: Intrusion Prevention Firewall Stiennon,Richard (Mar 17)
- FW: Intrusion Prevention Firewall franks (Mar 17)
- Re: FW: Intrusion Prevention Firewall Gary Flynn (Mar 29)
- RE: Intrusion Prevention Firewall Pieper, Rodney (Mar 29)
- RE: Intrusion Prevention Firewall Marcus J. Ranum (Mar 29)
- Re: Intrusion Prevention Firewall Gary Flynn (Mar 29)
- Re: Intrusion Prevention Firewall Marcus J. Ranum (Mar 29)
- RE: Intrusion Prevention Firewall Dave Piscitello (Mar 29)
- Re: Intrusion Prevention Firewall Crispin Cowan (Mar 29)
- RE: Intrusion Prevention Firewall Marcus J. Ranum (Mar 29)
- RE: Intrusion Prevention Firewall Stiennon,Richard (Mar 30)