IDS shuts down network access?

[Guest]

Archived from groups: comp.security.firewalls (More info?)

Is there an IDS which can block a machine from a network when it's been
infected with a trojan? At least block Internet access, if it's a box
positioned behind the firewall.

A guy from Network Associates cold-called today to ask me about IDS and when
I asked him this he said he'd have to check with an engineer. Funny, to
seems like that's something which should be mandatory for an IDS.

 

[Guest]

Archived from groups: comp.security.firewalls (More info?)

What the IDS would basically do is that it would send some alarms.
Scripts can be used to give the intrusion response basically.
-Madhu

admin too wrote:
> Is there an IDS which can block a machine from a network when it's been
> infected with a trojan? At least block Internet access, if it's a box
> positioned behind the firewall.
>
> A guy from Network Associates cold-called today to ask me about IDS and when
> I asked him this he said he'd have to check with an engineer. Funny, to
> seems like that's something which should be mandatory for an IDS.
>
>

 

[Guest]

Archived from groups: comp.security.firewalls (More info?)

"admin too" <nguser2u@no.spam.AOL.com> wrote in message
news:1073ctnc18uvl74@news.supernews.com...
> Is there an IDS which can block a machine from a network when it's been
> infected with a trojan? At least block Internet access, if it's a box
> positioned behind the firewall.

There are only two IDS/FW products that can block access to a machine when
a Trojan as been detected in the traffic, but that's only on inbound
traffic. That is BlackIce and Sygate.

BlackIce has Application Control that will stop a Trojan from executing when
it hits the machine. I think Sygate has an Application Control feature as
well.

Duane