From: Proxy Administrator (proxyadmin_at_rediffmail.com)
Date: Thu Oct 31 2002 - 10:30:50 CST
I read a lot of messages which say putting an IDS inline would
convert it into an Intrusion Prevention System or something to
that effect. This would be true to a certain extent. Putting it
inline would make sure that you see all the packets, so you
wouldn't miss any attack that it *could* detect. Basically, the
solution that is being propagated here is an IDS which is going to
take action by resetting connections, blocking IP addresses etc.
Still not an actual IPS.

I would think that something like "systrace" qualifies as an
Intrusion Prevention solution more than an inline IDS. We set
rules as to how a privileged process is supposed to behave and
anything out of the ordinary would not be allowed. That seems more
like Intrusion Prevention than the other solutions, which are
detecting intrusions and dropping connections.

While "systrace" would in my opinion qualify as a host-based
intrusion prevention system, something similar would be needed to
qualify as NIPS.