Did not realize you were with Sourcefire, Joel, would not have been so
'harsh' in my comments. Give my regards to Martin.

FWIW, it was Snort that forced me to create the world's first SIM in
2000, when I could not stand the false positives, and decided to put
all my servers in the top 128 of a class A and nothing but honeypots
in the bottom 128 and only monitor it. Every time I got an alert, I
knew I had bagged a cracker.

Curt Purdy CISSP, GSNA, GSEC, MCSE+I, CCNA
[email protected]
[email protected]



On Fri, Feb 18, 2011 at 9:28 AM, Joel Esler <[email protected]> wrote:
> Fair enough, (and I doubt I'm too young), however, back then, there was no 
> difference.  There is now.
>
> When ISS RealSecure first started coming out with the technology of sending 
> RST packets, I remember people called it IPS back then too.  When tools that 
> auto-blocked at firewalls started coming out, they called it IPS, when IPS 
> without a failopen came along, people called it an IPS.  However, if we look 
> at the landscape now, I argue that it's different and we wouldn't call IPS 
> the same thing anymore.  Which is why I didn't.
>
> I think it's important to understand not only where we've been, but where we 
> are, and where we are going.  I work in the IPS industry (Sourcefire) as I am 
> sure many others on this list do as well, and it's important (at least to me) 
> that people understand the distinction.  I get the reaction all the time that 
> "IPS doesn't work, because all it does is send RST packets", when in fact 
> IPS is now a very mature technology.
>
> I think it's important to understand the difference in the technologies.  Not 
> everyone on the list has "been there and done that".  The beauty part about a 
> list like this is it brings the seasoned and the new together in a common 
> environment where the above can be discussed.
>
> Joel
>
> On Feb 18, 2011, at 9:21 AM, Curt Purdy wrote:
>
>> If this were a literary list, we could argue semantics till the cows
>> come home Joel. But being an information security list let's stick to
>> technology. You may be too young to remember the very first Intrusion
>> 'Protection' System that was not in-line at all. It was simply an IDS
>> that added ACLs to the firewall to block the grievous party. Everyone
>> accepted the developer's term 'IPS'.
>>
>> Curt Purdy CISSP, GSNA, GSEC, MCSE+I, CCNA
>> [email protected]
>> [email protected]
