IDS mailing list archives
Re: IDS vs Application Proxy Firewall
From: Stefano Zanero <s.zanero () securenetwork it>
Date: Wed, 22 Oct 2008 19:08:14 +0200
"Zow" Terry Brugger wrote:
Unless it is a transparent application proxy,
Given. Still, it works at the application layer, otherwise it is a cunningly-renamed stateful firewall which performs deep inspection.
Unless it is an IPS, in which case
In which case it is not an IDS, and thus not in scope with the original question :)
The difference I'd see is that network IDS/IPS devices typically look for specific signatures (sequences of bytes, regular expressions, certain flags set in the headers, etc) on a session (TCP, UDP, ICMP) or network (IP) level packet.
Counterexamples: Arbor, Lancope
Most can do some degree of session reassembily, but only in so far as to catch signatures which are divided across multiple packets.
I'm pretty sure that Martin Roesch, if he reads, will have something to say here :) -- Cordiali saluti, Ing. Stefano Zanero, PhD CTO & Co-Founder Secure Network S.r.l. Via Venezia, 23 - 20099 Sesto San Giovanni (MI) Phone: +39 02.24126788 Fax: +39 02.24126789 email: s.zanero () securenetwork it web: www.securenetwork.it ------------------------------------------------------------------------ Test Your IDS Is your IDS deployed correctly? Find out quickly and easily by testing it with real-world attacks from CORE IMPACT. Go to http://www.coresecurity.com/index.php5?module=Form&action=impact&campaign=intro_sfw to learn more. ------------------------------------------------------------------------
Current thread:
- IDS vs Application Proxy Firewall maash . rajani (Oct 21)
- Re: IDS vs Application Proxy Firewall Stefano Zanero (Oct 21)
- Re: IDS vs Application Proxy Firewall "Zow" Terry Brugger (Oct 22)
- Re: IDS vs Application Proxy Firewall Stefano Zanero (Oct 22)
- Re: IDS vs Application Proxy Firewall "Zow" Terry Brugger (Oct 22)
- Re: IDS vs Application Proxy Firewall Stefano Zanero (Oct 22)
- Re: IDS vs Application Proxy Firewall Arian J. Evans (Oct 24)
- Re: IDS vs Application Proxy Firewall "Zow" Terry Brugger (Oct 22)
- Re: IDS vs Application Proxy Firewall Stefano Zanero (Oct 21)
- <Possible follow-ups>
- Re: Re: IDS vs Application Proxy Firewall ebennett (Oct 22)