[Snort-users] New Trend: Intrusion Prevention
bob.dehnhardt at ...7168...
Fri Dec 13 11:10:05 EST 2002
Everything I've seen about IPS is that it's intended as another facet of
security, not as a replacement for IDS. IPS is useful for preventing attacks
that can be identified with a high (99%+) degree of accuracy, like SYN/FIN
sweeps. Attacks that may have a significant number of false positives are
outside IPS's realm, since having that traffic dropped would likely affect
normal network operations. IDS with a real live decision-making person will
be used in those cases, just as today.
There is no single solution, probably never will be.
IT Operations Manager - Reno
From: Steve Halligan [mailto:giermo at ...187...]
Sent: Friday, December 13, 2002 10:16 AM
To: 'Sheahan, Paul (PCLN-NW)'; Snort List (E-mail)
Subject: RE: [Snort-users] New Trend: Intrusion Prevention
>I attended Infosecurity 2002 yesterday and there was much talk about
>intrusion detection going away, and intrusion prevention
>replacing it. Does
>anyone know if there are any plans to include intrusion prevention
>functionality into Snort in the future?
The future is now.
Also see Hogwash at:
Now one could (and I would) debate the premise that you stated, but that is
a whole 'nother can of worms.
This sf.net email is sponsored by:
With Great Power, Comes Great Responsibility
Learn to use your power at OSDN's High Performance Computing Channel
Snort-users mailing list
Snort-users at lists.sourceforge.net
Go to this URL to change user options or unsubscribe:
Snort-users list archive:
More information about the Snort-users