IDS mailing list archives
RE: IPS comparison
From: Frank Knobbe <frank () knobbe us>
Date: Sat, 03 Sep 2005 02:06:45 -0500
On Tue, 2005-08-30 at 23:58 +0100, Seek Knowledge wrote:
IMHO comparing pure play havior detection to IPS is like comparing apples and oranges.
Of course. IPSes are access control devices (filtering bad traffic) while IDSes are validation devices that alert when invalid/abnormal traffic is present.
but I'll take IPS wherever I can get it thank you. If one can't afford IPS... then I guess going the forensics only route is better than nothing.
If you can't get apple you take an orange? Remember, these are different tools. You can very well have an IPS as a filter and an IDS to verify that the filter works. It's not an either-or situation. Different tools for a different job. Cheers, Frank -- Ciscogate: Shame on Cisco. Double-Shame on ISS.
Attachment:
signature.asc
Description: This is a digitally signed message part
Current thread:
- RE: IPS comparison, (continued)
- RE: IPS comparison Joseph Hamm (Sep 02)
- RE: IPS comparison James Williams (Sep 02)
- RE: IPS comparison Zahir, Rubayat (Sep 02)
- Re: IPS comparison Frank Knobbe (Sep 05)
- Re: IPS comparison Adam Powers (Sep 07)
- Re: IPS comparison Sanjay Rawat (Sep 08)
- Re: IPS comparison Frank Knobbe (Sep 09)
- Re: IPS comparison Sanjay Rawat (Sep 12)
- MIT Darpa Dataset, Wilmar SULAIMAN (Sep 19)
- Re: MIT Darpa Dataset, Sanjay Rawat (Sep 21)
- RE: IPS comparison Seek Knowledge (Sep 07)
- RE: IPS comparison Frank Knobbe (Sep 08)