On Wed, 7 Mar 2001, Paul D. Robertson wrote:
> On Wed, 7 Mar 2001, Ron DuFresne wrote:
>
> > This is fine and we will all have our own definitions, yet, as time has
> > progressed and SW has too, I still tend to differentiate;
> >
> > in my mind IDS systems are more proactive, able to warn at the point of
>
> IDS systems are all reactive.
Understood, true, sorry I blew that up <grin>...
>
> > attack, while tools like tripwire can only warn you 'after the fact'. I
>
> Network IDS' are as much 'after the fact' as host-based ones- you have to
> get the packets to do any trending/analysis of them. If "like tripwire"
> means checksumming integrity checkers, they can be as immediate as network
> IDS systems are, which is still reactive rather than proactive in my book.
>
> > think there is a vast difference in those two parts of what some like to
> > lump into one definition.
>
> If you do the right stuff up front, any IDS is of comparatively small
> incremental value anyway for anything less than 'after the fact' analysis
> or trending data.
>
It's still just a matter of how I personally view the different packages.
I tend to view tripwire more in the realm of AV SW.
Thanks,
Ron DuFresne
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
"Cutting the space budget really restores my faith in humanity. It
eliminates dreams, goals, and ideals and lets us get straight to the
business of hate, debauchery, and self-annihilation." -- Johnny Hart
***testing, only testing, and damn good at it too!***
OK, so you're a Ph.D. Just don't touch anything.