IDS mailing list archives
Re: True definition of Intrusion Prevention
From: Gary Flynn <flynngn () jmu edu>
Date: Fri, 02 Jan 2004 18:59:08 -0500
Teicher, Mark (Mark) wrote:
I wouldn't have taken this up, but I think it is more important to make the distinction between "blocking" and "prevention" than is made in the hype. They just aren't equivalent. Preventing an attack means that action has been taken to keep the attack from happening.

That would be "Attack Prevention" not "Intrusion Prevention". Something that would enable you to reach through the wires and wring their little necks before they hit the enter key.

Or, perhaps, prevent their conception. :)

Examples of "Intrusion prevention" are:

- a firewall or "IDP" blocking a malicious packet recognized as malicious,
- a security policy and associated router ACL saying "don't allow incoming TCP 135 connections",
- a desktop firewall configured similar to the router ACL,
- a security policy saying all systems on the network must be centrally managed and backed up with configuration management software to prevent unnecessary, unpatched, and poorly configured servers from being on the network.
- "IDP" software running on hosts that recognize malicious actions or those contrary to policy and take steps to avert it

They help to prevent an intrusion caused by an attack.