IDS mailing list archives
Re: Help in evaluating Inline IDS/IPS solution
From: Lance Spitzner <lance () honeynet org>
Date: Thu, 5 Jun 2003 09:04:02 -0500 (CDT)
On Thu, 5 Jun 2003, Ravi wrote:
Hi, My company plans to resell the Network Inline IDS/IPS solution to our customers and support customer. I was given task of evaluation of different solutions in the market. There are some questions asked by our customers and I would like to keep these in mind while evaluating the IDS solutions.
You may want to start with snort-inline. This is not a commercial version, but an OpenSource solution based on Snort. The advantage is you have access to both the source code and signauture/rules. Also, correct me if I'm wrong, but I believe that snort-inline is the only IPS solution that not only can block attacks, but modify/disable them. Would be interested to know if any commercial versions suppport this functionality. http://snort-inline.sf.net lance ------------------------------------------------------------------------------- INTRUSION PREVENTION: READY FOR PRIME TIME? IntruShield now offers unprecedented Intrusion IntelligenceTM capabilities - including intrusion identification, relevancy, direction, impact and analysis - enabling a path to prevention. Download the latest white paper "Intrusion Prevention: Myths, Challenges, and Requirements" at: http://www.securityfocus.com/IntruVert-focus-ids2 -------------------------------------------------------------------------------
Current thread:
- Help in evaluating Inline IDS/IPS solution Ravi (Jun 04)
- Re: Help in evaluating Inline IDS/IPS solution Stephen Samuel (Jun 05)
- Re: Help in evaluating Inline IDS/IPS solution Lance Spitzner (Jun 05)
- RE: Help in evaluating Inline IDS/IPS solution Brian Laing (Jun 05)
- Re: Help in evaluating Inline IDS/IPS solution Srinivasa Rao Addepalli (Jun 06)
- Re: Help in evaluating Inline IDS/IPS solution SecurityFocus (Jun 09)
- <Possible follow-ups>
- RE: Help in evaluating Inline IDS/IPS solution Golomb, Gary (Jun 05)