On Wed, 7 Mar 2001, Ron DuFresne wrote:

> This is fine and we will all have our own definitions, yet, as time has
> progressed and SW has too, I still tend to differentiate;
> 
> in my mind IDS systems are more proactive, able to warn at the point of

IDS systems are all reactive.

> attack, while tools like tripwire can only warn you 'after the fact'.  I

Network IDS' are as much 'after the fact' as host-based ones- you have to
get the packets to do any trending/analysis of them.  If "like tripwire"
means checksumming integrity checkers, they can be as immediate as network
IDS systems are, which is still reactive rather than proactive in my book.

> think there is a vast difference in those two parts of what some like to
> lump into one definition.

If you do the right stuff up front, any IDS is of comparatively small
incremental value anyway for anything less than 'after the fact' analysis 
or trending data.


Paul
-----------------------------------------------------------------------------
Paul D. Robertson      "My statements in this message are personal opinions
[EMAIL PROTECTED]      which may have no basis whatsoever in fact."
