IDS mailing list archives

Re: Re: IDS vs Application Proxy Firewall


From: ebennett () taylorbean com
Date: Wed, 22 Oct 2008 10:12:42 -0600

An IDS usually uses specific signatures and compares them to the data passing through it in a non-intrusive, 
transparent manner and takes no action, but merely logs an event if it identifies one.  Therefore it is reactive 
and it uses a negative enforcement model of identifying known "bad" traffic.

An application layer firewall will inspect traffic at layer 7 and determine whether the traffic is working within a 
given set of confines, which is usually that of an RFC.  If so, then it allows the traffic.  The argument here is that 
most attacks do not fall within the confines of RFCs.  The question is: does your web server comply with RFCs?  If not, 
it's not worth much more to you than a packet filter.  This is a positive enforcement model, though, as it only allows 
known "good" traffic.

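To make the two enforcement models concrete, here is an added example (not part of the original post, and not anyone's product): a signature matcher that only logs, beside a positive-model checker that admits only request heads matching a subset of the HTTP/1.1 grammar from RFC 7230 (token, request-line, header-field). The signature list, the allowed-method policy and the sample request heads are all constructed for illustration. Running both over the same samples shows what the post describes and the caveats around it: an RFC-conformant traversal passes the positive model and is caught only by a signature, a request from a non-compliant client is dropped by the positive model with no signature involved, and a percent-encoded traversal slips past this naive signature set and the grammar check alike.

```python
import re

# --- Negative enforcement model (IDS style): known-bad signatures ------------
# Constructed sample signatures. A real ruleset is far larger and normalises
# (URL-decodes) the request before matching; this one deliberately does not.
SIGNATURES = [
    ("directory traversal", re.compile(rb"\.\./")),
    ("cmd.exe probe", re.compile(rb"cmd\.exe", re.IGNORECASE)),
]


def ids_alerts(request: bytes) -> list:
    """Passive: return the names of matching signatures; never blocks anything."""
    return [name for name, rx in SIGNATURES if rx.search(request)]


# --- Positive enforcement model (application proxy style): RFC grammar -------
# Subset of the HTTP/1.1 message grammar from RFC 7230. Anything that does not
# parse is denied, whether or not it matches a known attack.
TCHAR = r"[!#$%&'*+\-.^_`|~0-9A-Za-z]"
TOKEN = TCHAR + "+"
REQUEST_LINE = re.compile(r"^(" + TOKEN + r") (\S+) HTTP/(\d)\.(\d)$")
HEADER_FIELD = re.compile(r"^(" + TOKEN + r"):[ \t]*([\x21-\x7e][\x20-\x7e]*)?[ \t]*$")
ALLOWED_METHODS = {"GET", "HEAD", "POST"}  # assumed site policy, not an RFC rule
ALLOWED_VERSIONS = {("1", "0"), ("1", "1")}


def proxy_decision(request: bytes) -> tuple:
    """Return (allowed, reason). Only a request head matching the grammar passes."""
    try:
        text = request.decode("ascii")
    except UnicodeDecodeError:
        return False, "non-ASCII byte in message head"
    if not text.endswith("\r\n\r\n"):
        return False, "head not terminated by CRLF CRLF"
    lines = text[:-4].split("\r\n")
    m = REQUEST_LINE.match(lines[0])
    if not m:
        return False, "malformed request-line"
    method, _target, major, minor = m.groups()
    if method not in ALLOWED_METHODS:
        return False, "method %s not permitted" % method
    if (major, minor) not in ALLOWED_VERSIONS:
        return False, "unsupported HTTP version"
    host_count = 0
    for line in lines[1:]:
        h = HEADER_FIELD.match(line)
        if not h:
            return False, "malformed header field: %r" % line
        if h.group(1).lower() == "host":
            host_count += 1
    if (major, minor) == ("1", "1") and host_count != 1:
        return False, "HTTP/1.1 requires exactly one Host header"
    return True, "conforms to grammar"


def evaluate(request: bytes) -> dict:
    """Run both models over one request head and report what each would do."""
    allowed, reason = proxy_decision(request)
    return {"ids_alerts": ids_alerts(request),
            "proxy_allowed": allowed,
            "proxy_reason": reason}


# Constructed sample request heads (not captured traffic).
SAMPLES = {
    # benign and RFC-conformant: nothing fires, proxy admits it
    "compliant":   b"GET /index.html HTTP/1.1\r\nHost: www.example.test\r\n\r\n",
    # attack that is perfectly valid HTTP: only the signature catches it
    "traversal":   b"GET /../../etc/passwd HTTP/1.1\r\nHost: www.example.test\r\n\r\n",
    # same attack percent-encoded: this naive signature set and the grammar both miss it
    "encoded":     b"GET /%2e%2e/%2e%2e/etc/passwd HTTP/1.1\r\nHost: www.example.test\r\n\r\n",
    # sloppy but harmless client using bare LF: no signature, yet the proxy drops it
    "bare_lf":     b"GET /index.html HTTP/1.1\nHost: www.example.test\n\n",
    # unknown garbage with no signature: the positive model still refuses it
    "binary_junk": b"\x90\x90\x90\x90 / HTTP/1.1\r\nHost: www.example.test\r\n\r\n",
}

if __name__ == "__main__":
    for name, head in SAMPLES.items():
        print("%-12s %s" % (name, evaluate(head)))
```

The "bare_lf" sample is the post's "does your web server comply with RFCs" point seen from the client side: a positive model drops every non-conformant peer, whether it is hostile or merely sloppy, so deploying one means auditing what your own servers and clients actually emit. The "encoded" sample is the caveat in the other direction: an attack that fits the grammar is invisible to the positive model, and a signature only helps if the detector normalises the request before matching.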