[Snort-users] New Trend: Intrusion Prevention

SecurityAdmin at ...7345... SecurityAdmin at ...7345...
Fri Dec 13 10:48:02 EST 2002

If you use hogwash with snort you can dynamically block certain connections
based on rules.....intrusion prevention. 
Detection will never go away, how do you prevent something dynamically if
you don't detect it is happening in the first place. However the
intelligence of the detection must get better, and possibly more granular
before Intrusion prevention becomes truly viable. There is nothing worse
than blocking a legitimate connection because of some setting or stack
problem on the user end, or a multitude of other reasons. Intrusion
Prevention is the latest buzzword/silver bullet but it has a long way to go
before it adds the same value to an organization as a competent and
knowledgeable security admin with a good set of tools and management support
IMHO. Snort 2.0 is moving rapidly towards the better, more granular and
accurate Intrusion Detection.
-----Original Message-----
From: Sheahan, Paul (PCLN-NW) [mailto:Paul.Sheahan at ...2218...
<mailto:Paul.Sheahan at ...2218...> ] 
Sent: Friday, December 13, 2002 10:31 AM
To: Snort List (E-mail)
Subject: [Snort-users] New Trend: Intrusion Prevention
I attended Infosecurity 2002 yesterday and there was much talk about
intrusion detection going away, and intrusion prevention replacing it. Does
anyone know if there are any plans to include intrusion prevention
functionality into Snort in the future?
Paul Sheahan
Manager of Information Security
paul.sheahan at ...2218...
This sf.net email is sponsored by:
With Great Power, Comes Great Responsibility 
Learn to use your power at OSDN's High Performance Computing Channel
http://hpc.devchannel.org/ <http://hpc.devchannel.org/>
Snort-users mailing list
Snort-users at lists.sourceforge.net
Go to this URL to change user options or unsubscribe:
Snort-users list archive:
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20021213/230152af/attachment.html>

More information about the Snort-users mailing list