On Tue, 2005-09-06 at 20:23 +0100, Seek Knowledge wrote: > Actually... > It is either or when it comes to being in-line.
Heh... nope. You missed the point. > Why > you ask? 1) Cost and 2) Infrastructure... both of > which I have to fight for. From a cost perspective... > I can deploy IDS without really purchasing anything > new... I recycle some hardware, put on Linux and throw > snort on it and I am good to go. IPS... I don't think > so. But if you decide to buy an IPS, it doesn't prevent you from deploying your free Snort sensors as well. They will then alert you when your IPS fails. IDSes are complementary to any proactive IPS systems. IPSes don't replace IDSes. That's what I meant by not being an either-or situation. Of course, if your buying decision of an IPS means to you that you don't see a need to deploy IDSes, then that's purely a decision you made. Cheers, Frank -- Ciscogate: Shame on Cisco. Double-Shame on ISS.
signature.asc
Description: This is a digitally signed message part
