Comments on TaoSecurity Blog: It's Only a Flesh Wound
Richard Bejtlich
Feed updated 2023-10-16T06:06:25.012-04:00

Anonymous, 2007-06-13T09:09:00.000-04:00

'Deconfusicating' is a joke, not a fake synonym. Of course IPS contains IDS, IPS is the successor technology to IDS, about 80%+ of IPS deployments employ blocking, and blocking doesn't remove the requirement for analysis of some detected events.

Anonymous, 2007-05-20T10:02:00.000-04:00

I have seen IPSs used successfully as inline blocking at some large organizations, but it is generally to prevent known items against policy (use of IM, Skype, scans that are as loud as a band...) that could be enforced in other ways. IPSs will not find the intruders that land you front page on the Washington Post, and until we get an IPS that is as wise as Hal from "2001, A Space Odyssey" that will continue to be the case.

Anonymous, 2007-05-19T20:17:00.000-04:00

I agree with you that the blocking capability of an IPS is rarely used. I have yet to see an IPS accurate enough to trust it to block or allow traffic. As Gene Shultz and you note, they are good for gathering I & W data. The downside is they, as Marcus Ranum says, "Enumerate badness" and only the badness they know about. Looking at the top three Tao layers (Alerts, Statistics and Sessions) is how I spot odd activity. Then I use them in concert with the fourth layer, Full Content, to determine if the activity is benign or not. Good log data also helps in this analysis.