Monday, May 05, 2008

Start date for IPS

I'm reading this article by Greg Shipley. He points to 2001 as the start date for "intrusion-prevention systems (IPS)". This is incorrect: the first IPS was "BlackICE Guard", which we shipped in 1999. It is now sold as the IBM Proventia G.

That year isn't a start date for IPS so much as the start date for Windows-based worms like CodeRed and Nimda. IPS is good for a lot of things, but it's by far the best technology for dealing with worms. I know of at least three critical financial networks that could not filter CodeRed by port, but which kept up and running because BlackICE Guard could filter the worm but let normal HTTP through.

We had a hard time convincing customers of the value of IPS prior to 2001, after which it was easy.

2 comments:

Andre Gironda said...

IPS:
Host - BlackICE (1999)
Network - TopLayer (2000)

The Tao of the Windows Buffer Overflow was released in 1999 along with BackOrifice. I would credit the cDc, not China (Code Red), who drove the need/research that went into this early release of IPS.

At the time, I thought it was a natural evolution of the firewall, not IDS -- but maybe that's just me.

jayasimha said...

Hi Robert,
The site www.robertgraham.com/pubs seems to be down / taken off. I remember having read some really interesting articles some years back, when I was beginning my career in networking software development. I am sure that material would be useful to me now too. If you have the material posted somewhere on the net, could you please share the URL here?
Also, you write some wonderful technical stuff here, and I am a fledgling software developer in the same field and find the stuff you write pretty interesting. Looking forward to seeing more of your good technical writing!

Cheers from India,
--Jayasimha