Using IDS logs to enforce IPS rules?

Hi,

Do you know any solution (better if open source) to compare IDS and IPS logs in such a way that IDS logs are used to automatically enforce IPS rules? I googled around but all I found was a reference to SnortAlog. Thanks in advance for any hint.

L
leonardodiserpierodavinci

An Intrusion Protection System is typically defined as a combination of an IDS and an automatic rule creation as reaction to the IDS log entries.

At any rate, over time this hasn't become any less stupid. So better think twice and abandon this idea.

Sebastian G.

Try out the ISS Proventia solution; there you can have both simulation and inline mode. Maybe that could be of great help to you.

Arjun

You mean because of the circular dependency? Do you have other suggestions? Thanks for your answer.

leonardodiserpierodavinci

No, because of spoofing. Consider that an IPS automatically blocks every host that seems to attack it. Now, as an attacker, I'd spoof all relevant legitimate hosts, and the IPS would block access to them - a wonderful Denial of Service, trademark "self-created". Without a whitelist, you'll even disconnect yourself from your very own hosts, e.g. a DNS server.

Dump the idea of an IPS for the mentioned reasons. Carefully calculate the actual costs of sensibly reading and evaluating the IDS output, and compare it to the marginal security benefits it offers - and most likely you'll end up dumping the IDS as well.

Sebastian G.
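The self-inflicted denial of service described in the post above, as an added example that is not part of this thread: a toy IDS-to-IPS loop over constructed alert lines, first blocking every alerted source blindly, then with the whitelist Sebastian mentions. The alert layout, addresses and whitelist are assumptions, not anything from the thread.

```python
"""Added example (not from the thread): a toy auto-block policy that turns IDS
alerts into IPS block rules. It shows the self-inflicted denial of service that
follows when alert source addresses are trusted blindly, and how a whitelist of
critical hosts limits the damage. All alerts and addresses are constructed."""
import re

# Constructed alert lines in a Snort "fast"-style layout (not real traffic).
# Line 2 carries a forged UDP source: it claims to be the internal DNS resolver.
ALERTS = """\
05/01-10:00:01.000000  [**] [1:2001:1] SCAN probe [**] {TCP} 203.0.113.7:4444 -> 192.0.2.10:22
05/01-10:00:02.000000  [**] [1:2001:1] SCAN probe [**] {UDP} 192.0.2.53:53 -> 192.0.2.10:1024
05/01-10:00:03.000000  [**] [1:2001:1] SCAN probe [**] {TCP} 192.0.2.1:1025 -> 192.0.2.10:22
"""

ALERT_RE = re.compile(
    r"\{(?P<proto>\w+)\} (?P<src>[\d.]+):\d+ -> (?P<dst>[\d.]+):\d+"
)

# Hosts the site cannot afford to lose (assumed): internal DNS resolver, gateway.
WHITELIST = {"192.0.2.53", "192.0.2.1"}


def parse_sources(text):
    """Return the source address of every alert line that matches the layout."""
    matches = (ALERT_RE.search(line) for line in text.splitlines())
    return [m.group("src") for m in matches if m]


def naive_blocklist(text):
    """What a blind IDS->IPS loop does: block every source seen in an alert,
    including the spoofed DNS resolver and gateway, i.e. a self-made DoS."""
    return sorted(set(parse_sources(text)))


def guarded_blocklist(text, whitelist=WHITELIST):
    """Same loop with a whitelist: critical hosts are never blocked, only
    reported for a human to look at. Returns (to_block, needs_review)."""
    srcs = set(parse_sources(text))
    return sorted(srcs - whitelist), sorted(srcs & whitelist)


if __name__ == "__main__":
    print("naive  :", naive_blocklist(ALERTS))
    block, review = guarded_blocklist(ALERTS)
    print("guarded:", block, "review:", review)
```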

Well, a decent IDS/IPS is supposed to be smarter than that ;-)

So how do you protect your network (and ensure it stays protected)?

leonardodiserpierodavinci

Spoofing is not just limited to hosts, and you can't create any general whitelist, so "smartness" (whatever this is, since AI isn't developed so far) won't help.

Host security and firewalling?

Sebastian G.

Of course, these are the basis. So you suggest avoiding IDS/IPS. Is there any other security layer that can be added?

leonardodiserpierodavinci

Strong encryption and authentication. Access control for the network, e.g. via IEEE 802.11X, RADIUS etc.

Sebastian G.

Cabling-Design.com Forums website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.