This is a discussion on Re: [Snort-users] What are the differences between and IPS and within the Snort forums, part of the System Security and Security Related category.
Hi,
IDS taps for packets and alerts about an attack. IDS can tap at different points in the network and sends logs to a central database to analyse the logs.

Inline IPS runs in the gateway of the network. It uses the same IDS search engine and detection engine to detect attacks.
- IPS blocks connections by sending TCP Reset or ICMP error message to the sender.
- Second way is to set policies in the firewall to block particular connection

Drawbacks
With IDS: by the time the responder has reacted, damage would have occurred
With inline IPS: lots of processing time

Regards,
Ravi

>In short, an IPS actively blocks packets which appear to be a part of an
>attack. Its behavior is a bit like a firewall in that respect, but it
>inspects application layer data instead of header-layer data.
> It should however be noted that an IPS is NOT a firewall replacement.
>
>An IDS notes that an offending packet occurred, but does nothing other
>than log the event.
>
>An IPS has the advantage of actively preventing attacks, but has the
>drawback of reducing network throughput (each packet has to be inspected
>before it is passed on) and also possibly blocking legitimate traffic.
>
>An IDS doesn't slow down the rate of data flowing into your network, since
>it's merely a tap and network data doesn't go through it, but has the
>drawback of only telling you about attacks after the fact.
>
>
>
>-------------------------------------------------------
>This sf.net email is sponsored by:ThinkGeek
>Welcome to geek heaven.
>http://thinkgeek.com/sf
>_______________________________________________
>Snort-users mailing list
>Snort-users@lists.sourceforge.net
>Go to this URL to change user options or unsubscribe:
>https://lists.sourceforge.net/lists/...fo/snort-users
>Snort-users list archive:
>http://www.geocrawler.com/redir-sf.p...st=snort-users

The Views Presented in this mail are completely mine. The company is not responsible for whatsoever.
----------
Ravi Kumar CH
Rendezvous On Chip (I) Pvt Ltd
Hyderabad, INDIA
ROC HOME PAGE: http://www.roc.co.in
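
The IDS/IPS distinction discussed in this thread, shown as Snort rule actions. This is an added example, not part of the original message; the content string, message text and sids are constructed placeholders, and `$EXTERNAL_NET` / `$HOME_NET` are assumed to be defined in the local snort.conf.

```snort
# Constructed example: one placeholder signature written with three rule actions.
# A deployment would load only one of the TCP variants, depending on the mode it runs in.

# IDS (passive tap): the packet has already been delivered to the server.
# Snort logs it and raises an alert, nothing more.
alert tcp $EXTERNAL_NET any -> $HOME_NET 80 (msg:"EXAMPLE pattern seen, alert only"; flow:to_server,established; content:"EXAMPLE-PATTERN"; sid:1000001; rev:1;)

# Inline IPS: the matching packet is discarded and logged.
# The sender gets no response and the connection times out.
drop tcp $EXTERNAL_NET any -> $HOME_NET 80 (msg:"EXAMPLE pattern seen, dropped"; flow:to_server,established; content:"EXAMPLE-PATTERN"; sid:1000002; rev:1;)

# Inline IPS with active response: the packet is discarded and logged,
# and a TCP reset is sent so the connection is torn down immediately.
reject tcp $EXTERNAL_NET any -> $HOME_NET 80 (msg:"EXAMPLE pattern seen, rejected with RST"; flow:to_server,established; content:"EXAMPLE-PATTERN"; sid:1000003; rev:1;)

# The same action on UDP answers with an ICMP port unreachable instead of a reset.
reject udp $EXTERNAL_NET any -> $HOME_NET 53 (msg:"EXAMPLE pattern seen, rejected with ICMP"; content:"EXAMPLE-PATTERN"; sid:1000004; rev:1;)
```

The `drop` action only discards traffic when Snort sits inline in the packet path; on a passive tap there is nothing for it to withhold, which is the "after the fact" limitation described above.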