New intrusion-detection systems that go beyond monitoring attacks to actually blocking them have network executives intrigued, but some worry that the devices could quash legitimate traffic, cause network latency and present a single point of failure.
Unlike traditional IDS products that stay out of the way of network traffic, passively monitoring the traffic going by and leaving the blocking of attacks to routers or firewalls, these new "intrusion-prevention" systems inspect traffic directly as it makes its way from outside a corporate LAN to end users' desktops.
The latest vendors to air plans for such intrusion-prevention appliances are Top Layer Networks and Sourcefire. Top Layer, which already makes a variety of network security devices, next week plans to announce appliances focused on HTTP Port 80 attacks, computer worms and other signature attacks it says companies will not hesitate to block. Separately, Sourcefire Founder and CTO Martin Roesch - who has commercialized the Snort intrusion-detection freeware he developed - divulged that the company is readying an intrusion-prevention device for early next year. These companies follow others such as Internet Security Systems (ISS), IntruVert, NetScreen Technologies and TippingPoint Technologies into the market.
For organizations seeing no slowdown in attacks, the new offerings may be hard to pass up despite the reservations being expressed.
"Passive monitoring just wasn't accomplishing anything," says Stephen Olsen, IT director at The Las Vegas Review Journal, which has used the NetScreen IDP-100 to guard its multimegabit Internet access connection. But the Review is using the product to block only a modest portion of known attacks because of concern about dropping legitimate traffic for the Web sites the publication manages.
With the FBI's help, the Review is chasing down and prosecuting a hacker who had attacked the publication via the Internet. The IDP-100-generated report helped provide evidence about the hacker's activity, although the strongest evidence probably came from packets originating from the hacker's IP address that weren't blocked as opposed to those that were, Olsen says.
Such issues will come to the forefront as more companies try intrusion prevention.