Network Security Focus-IDS

RE: Top Layer Attack Mitigator - Experience?

Subject: RE: Top Layer Attack Mitigator - Experience?
Date: Fri, 27 Aug 2004 13:01:17 -0400
Hi,

We've been using TL 2800 platform for about 6 months and recently
switched to their new 5500 platform. Our experience has been quite
good regarding the hardware and also we feel we are working with guys
who really have experience in DDoS. That's the best part of TL; they
have very knowledgeable security engineers with real experience on
high traffic attacks and they just make sure the IPS fits well on your
infrastructure.

Hardware side, let me tell you this: we went through really difficult
times with huge attacks. As with most companies, it took us completely
unprepared. Our PIX 535 behaved like a small hub during the attacks,
completely unoperational and unable to sustain the SYNs/sec traffic.
So we went shopping and of course went to the big names first. We
initially deployed a NetScreen 5200 and after a couple of attacks it
became useless as well. At that point our ISP suggested TL. We were
not sure at the beginning since the company can be considered small if
compared with Cisco and NS, but TL offered us a trial. This just
worked well. They even tested the IPS deployment with IXIA traffic
generators and proved to us that the 2800 (it is a cluster of 8 IPS)
sustained attacks of 550-600,000 SYNs/sec. We haven't had very large
attacks since then (only small attacks of about 60,000 SYNs/sec), but
after the equipment has been working flawlessly for the last 6 months we
are pretty confident we are in good hands.

The only thing I could mention for the 2800 was the management
interface. It seemed clumsy to me at times but the new platform (5500)
has made excellent improvements on this side. They also lack a very
comprehensive MIB but the enhancements to the alarms triggering
mechanism (you can now generate syslog messages that alert when
SYNs/sec are above a threshold level) are steps in the right
direction. These guys seemed to work hard improving their IPS offer;
they have made the architecture more modular and even added a Firewall
module which should help network engineers to enforce security
policies and save some CPU cycles on the IPS unit.

Overall I see the TL guys in a very comfortable position on the IPS
market and if their support continues to be as good, they'll just
be doing the right stuff.

James.
