IDS: Re: True definition of Intrusion Prevention

Nmap Security Scanner

Intro

Ref Guide

Install Guide

Download

Changelog

Book

Docs
Security Lists

Bugtraq

Basics

More
Security Tools

More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

IDS mailing list archives

Re: True definition of Intrusion Prevention

From: Gary Flynn <flynngn () jmu edu>
Date: Tue, 30 Dec 2003 08:08:05 -0500

Ron Gula wrote:

Yep ... "intrusion prevention" is the latest bandwagon marketing folks
are getting into. What makes matters worse is I think that "intrusion
detection" was also mis-labeled from the start. IDS was really "attack

and probe detection" but rarely did they actually detect realcompromises.


Everything from better passwords to extra firewalls can be considered
intrusion prevention.


Amen.

  I see a lot of folks halting NIDS/HIDS deployments in favor of
enhanced configuration/vulnerability management or even outsourceing

IT altogether.

While I agree that attacking the problem at its source (systeminsecurity) is

the better solution, if that were effective, we wouldn't need firewalls. :)




---------------------------------------------------------------------------
---------------------------------------------------------------------------

By Date By Thread

Current thread:

True definition of Intrusion Prevention Teicher, Mark (Mark) (Dec 29)
- Re: True definition of Intrusion Prevention Gary Flynn (Dec 30)
- <Possible follow-ups>
- Re: True definition of Intrusion Prevention Ron Gula (Dec 29)
  - Re: True definition of Intrusion Prevention Gary Flynn (Dec 30)
- RE: True definition of Intrusion Prevention Teicher, Mark (Mark) (Dec 29)
  - Re: True definition of Intrusion Prevention Gary Flynn (Dec 30)
  - RE: True definition of Intrusion Prevention Craig H. Rowland (Dec 30)
- RE: True definition of Intrusion Prevention Richard Bejtlich (Dec 30)
  - Re: True definition of Intrusion Prevention Bamm Visscher (Dec 30)