IDS mailing list archives
Re: Re: IDS vs Application Proxy Firewall
From: ebennett () taylorbean com
Date: Wed, 22 Oct 2008 10:12:42 -0600
An IDS usually uses specific signatures and compares them to the data passing through it in a non-intrusive, transparent manner and takes no action, but just merely logs an event if it identifies one. Therefore it is reactive and it uses a negative enforcement model of identifying known "bad" traffic. An application layer firewall will inspect traffic at layer 7 and determine whether the traffic is working within a given set of confines, which is usually that of an RFC. If so, then it allows the traffic. The argument here is that most attacks do not fall within the confines of RFCs. The question is: does your web server comply with RFCs? If not, it's not worth much more to you than a packet filter. This is a positive enforcement model, though, as it only allows known "good" traffic.
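The two enforcement models described in the message above, as an added Python illustration that is not part of the original post: a passive signature matcher that only reports, next to a proxy-style check that forwards only well-formed requests. The signatures, the simplified HTTP syntax subset, and the sample requests are all constructed assumptions.

```python
import re

# Negative model: constructed example signatures for known-bad content.
SIGNATURES = {
    "dir-traversal": re.compile(rb"\.\./"),
    "cmd-exe": re.compile(rb"cmd\.exe", re.I),
}
# Positive model: a simplified subset of HTTP/1.x syntax (an assumption here,
# not a full RFC grammar). Anything that does not match is refused.
REQUEST_LINE = re.compile(rb"(GET|HEAD|POST) /[A-Za-z0-9._~/%?=&-]{0,255} HTTP/1\.[01]")
HEADER = re.compile(rb"[!#$%&'*+.^_`|~0-9A-Za-z-]+:[ \t]*[\x20-\x7e]*")

def ids_alerts(raw: bytes) -> list:
    """Passive IDS: report matching signatures; traffic is never blocked."""
    return [name for name, sig in SIGNATURES.items() if sig.search(raw)]

def proxy_allows(raw: bytes) -> bool:
    """Application proxy: forward only requests that parse as well-formed."""
    head, sep, _body = raw.partition(b"\r\n\r\n")
    if not sep:
        return False
    request_line, *headers = head.split(b"\r\n")
    if not REQUEST_LINE.fullmatch(request_line):
        return False
    if not all(HEADER.fullmatch(h) for h in headers):
        return False
    # HTTP/1.1 requests must carry a Host header.
    has_host = any(h.lower().startswith(b"host:") for h in headers)
    return has_host or request_line.endswith(b"HTTP/1.0")

# Constructed sample requests (not captured traffic).
SAMPLES = {
    "normal": b"GET /index.html HTTP/1.1\r\nHost: www.example.test\r\n\r\n",
    "known_bad_well_formed": b"GET /scripts/../cmd.exe HTTP/1.0\r\n\r\n",
    "unknown_malformed": b"GET /" + b"A" * 4000 + b" HTTP/1.1\r\nHost: www.example.test\r\n\r\n",
}

def compare() -> dict:
    """Return {sample: (ids alerts, proxy verdict)} for the samples above."""
    return {name: (ids_alerts(raw), proxy_allows(raw)) for name, raw in SAMPLES.items()}

if __name__ == "__main__":
    for name, (alerts, allowed) in compare().items():
        print(f"{name:24} IDS alerts={alerts} proxy={'forward' if allowed else 'refuse'}")
```

The malformed request has no signature, so only the positive model stops it. The syntactically valid request with known-bad content is forwarded by the syntax check and caught only by the signatures.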