Talk:Intrusion-prevention system
From Wikipedia, the free encyclopedia
Is it correct to add what tests can be found? Both from vendors and from independent parties such as ICSA Labs?
I don't think "Intrusion prevention systems were invented by One Secure which was later acquired by NetScreen Technologies that was acquired by Juniper Networks in 2004" concerns IPS. This is more a company ad.
Indeed, IPS or inline IDS is attributed to Jed Haile, who first developed inline IDS while working for the Department of Energy. Jed's work later became Hogwash (with help from Jason Larsen), followed by an independent release which became part of snort, named snort-inline. Additionally, Vern Paxson implemented an inline IDS well before IPS was a glimmer in Nir Zuk's eyes.
Umm, what about Network ICE?
IPSs were simultaneously invented by a lot of people. The first instance of IPS I am familiar with is the BlackICE engine from NetworkICE. That was surely the first commercial IPS. NetworkICE had an in-line IPS on the market in 1999. Well ahead of OneSecure and the others.
I think it's best to leave off who invented it. Let's assume a number of different groups were developing the technology simultaneously in the late 1990s.
Does IPS mean inline
Long before (Internet time long before) inline IPS like Hogwash, most IDS had the functionality of performing prevention. The most common technique was the RESET packet. An IDS that saw an attack would send a RESET packet to the systems involved, killing the connection. This did not allow for UDP or ICMP protection. Also, this technique was vulnerable to a race condition between the attack and the RESET packet. Another technique, implemented in Checkpoint's OPSEC for example, was to send a command to the firewall to block the offending condition (most likely source address, but could be a particular subnet or even port). This did address follow-on unspoofed UDP attacks. It also proved useful against scan and exploit oriented attacks like worms.
The inline IPS was just a step in integration between the firewall and the IDS. I would debate giving too much credit for a particular instance or product. To conclude, prevention occurred at the host-based level in anti-virus products a decade before the network layer.
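The three response styles compared in the comment above (TCP RESET from a passive IDS, a block command sent to the firewall, and inline dropping) can be modelled over a packet timeline. This is an added example, not part of the discussion or of any product named in it; the packet timings, the documentation-range addresses and the 5 ms reaction delay are constructed assumptions.

```python
from dataclasses import dataclass

@dataclass
class Packet:
    t: float         # arrival time in ms (constructed)
    src: str         # source address as seen on the wire
    proto: str       # "tcp", "udp" or "icmp"
    malicious: bool  # ground truth: the sensor's signature matches

def delivered(packets, mode, react_ms=5.0):
    """Return arrival times of malicious packets that still reach the target.

    mode "rst":      passive IDS answers with a TCP RESET (TCP only).
    mode "fw_block": passive IDS tells the firewall to block the source.
    mode "inline":   sensor sits in the path and drops on match.
    react_ms models the delay before a passive response takes effect,
    which is the race window described in the comment.
    """
    if mode not in ("rst", "fw_block", "inline"):
        raise ValueError(mode)
    stop_after = {}  # flow or source -> time the response becomes effective
    reached = []
    for p in sorted(packets, key=lambda p: p.t):
        if not p.malicious or mode == "inline":
            continue  # benign traffic is ignored; inline drops before delivery
        key = (p.src, p.proto) if mode == "rst" else p.src
        can_respond = (p.proto == "tcp") if mode == "rst" else True
        if can_respond and p.t >= stop_after.get(key, float("inf")):
            continue  # connection already reset / source already blocked
        reached.append(p.t)
        if can_respond:
            stop_after.setdefault(key, p.t + react_ms)
    return reached

# Constructed timeline: TCP exploit, follow-on UDP, then UDP with a spoofed source.
TIMELINE = [
    Packet(0.0, "192.0.2.5", "tcp", True),     # first match, response is triggered
    Packet(2.0, "192.0.2.5", "tcp", True),     # arrives inside the race window
    Packet(10.0, "192.0.2.7", "tcp", False),   # unrelated benign traffic
    Packet(20.0, "192.0.2.5", "tcp", True),    # after the response took effect
    Packet(30.0, "192.0.2.5", "udp", True),    # follow-on UDP, same source
    Packet(40.0, "198.51.100.9", "udp", True), # spoofed source address
]

if __name__ == "__main__":
    for mode in ("rst", "fw_block", "inline"):
        print(mode, delivered(TIMELINE, mode))
```

In both passive modes the packets at 0 ms and 2 ms get through, which is the race the comment describes; only the firewall block also stops the follow-on UDP packet from the same source, and neither passive mode stops the spoofed one.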