IDS
mailing list archives
Re: True definition of Intrusion Prevention
From: Gary Flynn <flynngn () jmu edu>
Date: Fri, 02 Jan 2004 18:59:08 -0500
Teicher, Mark (Mark) wrote:
> I wouldn't have taken this up, but I think it is more important to make
> the distinction between "blocking" and "prevention" than is made in the
> hype. They just aren't equivalent. Preventing an attack means that
> action has been taken to keep the attack from happening.

That would be "Attack Prevention" not "Intrusion Prevention". Something
that would enable you to reach through the wires and wring their little
necks before they hit the enter key.

Or, perhaps, prevent their conception. :)

Examples of "Intrusion prevention" are:

- a firewall or "IDP" blocking a malicious packet recognized as malicious,
- a security policy and associated router ACL saying "don't allow
  incoming TCP 135 connections",
- a desktop firewall configured similarly to the router ACL,
- a security policy saying all systems on the network must be centrally
  managed and backed up with configuration management software to
  prevent unnecessary, unpatched, and poorly configured servers from
  being on the network,
- "IDP" software running on hosts that recognizes malicious actions or
  those contrary to policy and takes steps to avert them.

They help to prevent an intrusion caused by an attack.