key things to consider:
- increased packet latency through the IPS. this is worsened as you
increase the number of things you detect and/or block
- careful of false positives, so only block the minimum number of
exploits (around 30 or so out of the entire base of things seem to
operate.)
- power redundancy and network failover are other considerations.
- failure to detect at high packet rates or high mbps rates. you have
to stress test this yourself and use your peak average network stats
as the baseline for packet rates and mbps rates. some ips systems
stop detecting attacks at higher packet and bandwidth rates.
peter
On Wed, 15 Dec 2004 07:31:42 +0100, Christoph Pertl (tm011081)
<tm011081@fh-stpoelten.ac.at> wrote:
Hi,
I'm right now in the middle of a Project with the goal to implement an IPS
in an existing infrastructure. One of our possible Partners offers us the
new IPS Product from Cisco.
Does anyone of you now something about this machine or at least about the
older IDS-Box because I think the Inspection Engine will be the same?
Any Information about how well it performs in a real environment would be
great
Christoph
--------------------------------------------------------------------------
Test Your IDS
Is your IDS deployed correctly?
Find out quickly and easily by testing it with real-world attacks from
CORE IMPACT.
Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708
to learn more.
--------------------------------------------------------------------------
--------------------------------------------------------------------------
Test Your IDS
Is your IDS deployed correctly?
Find out quickly and easily by testing it with real-world attacks from
CORE IMPACT.
Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708
to learn more.
--------------------------------------------------------------------------
