Snort mailing list archives

RE: New Trend: Intrusion Prevention

From: SecurityAdmin () aspentech com
Date: Fri, 13 Dec 2002 13:46:54 -0500

If you use hogwash with snort you can dynamically block certain connections
based on rules.....intrusion prevention. 
Detection will never go away, how do you prevent something dynamically if
you don't detect it is happening in the first place. However the
intelligence of the detection must get better, and possibly more granular
before Intrusion prevention becomes truly viable. There is nothing worse
than blocking a legitimate connection because of some setting or stack
problem on the user end, or a multitude of other reasons. Intrusion
Prevention is the latest buzzword/silver bullet but it has a long way to go
before it adds the same value to an organization as a competent and
knowledgeable security admin with a good set of tools and management support
IMHO. Snort 2.0 is moving rapidly towards the better, more granular and
accurate Intrusion Detection.
 
-----Original Message-----
From: Sheahan, Paul (PCLN-NW) [mailto:Paul.Sheahan () priceline com
<mailto:Paul.Sheahan () priceline com> ] 
Sent: Friday, December 13, 2002 10:31 AM
To: Snort List (E-mail)
Subject: [Snort-users] New Trend: Intrusion Prevention
 
 
I attended Infosecurity 2002 yesterday and there was much talk about
intrusion detection going away, and intrusion prevention replacing it. Does
anyone know if there are any plans to include intrusion prevention
functionality into Snort in the future?
 
Thanks,
 
Paul Sheahan
Manager of Information Security
Priceline.com
paul.sheahan () priceline com
 
 
 
 
-------------------------------------------------------
This sf.net email is sponsored by:
With Great Power, Comes Great Responsibility 
Learn to use your power at OSDN's High Performance Computing Channel
http://hpc.devchannel.org/ <http://hpc.devchannel.org/>
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
<https://lists.sourceforge.net/lists/listinfo/snort-users> 
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
<http://www.geocrawler.com/redir-sf.php3?list=snort-users>

Current thread:

RE: New Trend: Intrusion Prevention, (continued)
- - RE: New Trend: Intrusion Prevention Ofir Arkin (Dec 14)
    - Re: New Trend: Intrusion Prevention Kevin Black (Dec 15)
    - Re: New Trend: Intrusion Prevention Frank Knobbe (Dec 15)
    - Re: New Trend: Intrusion Prevention Kevin Black (Dec 15)
    - Re: New Trend: Intrusion Prevention Frank Knobbe (Dec 15)
- RE: New Trend: Intrusion Prevention Steve Halligan (Dec 13)
  - RE: New Trend: Intrusion Prevention Nathan Whitehouse (Dec 13)
- RE: New Trend: Intrusion Prevention Ibarra, Michael (Dec 13)
  - RE: New Trend: Intrusion Prevention twig les (Dec 13)
    - Re: New Trend: Intrusion Prevention Erick Mechler (Dec 13)
- RE: New Trend: Intrusion Prevention SecurityAdmin (Dec 13)
- RE: New Trend: Intrusion Prevention Bob Dehnhardt (Dec 13)
  - Re: New Trend: Intrusion Prevention Alberto Gonzalez (Dec 13)
- RE: New Trend: Intrusion Prevention Chris Eidem (Dec 13)
- RE: New Trend: Intrusion Prevention Sheahan, Paul (PCLN-NW) (Dec 16)
- Re: New Trend: Intrusion Prevention Robby Desmond (Dec 17)