Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Focus-IDS
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: How to choose an IDS/FW MSS provider

from [buineach] Network Security [Permanent Link]
Subject: Re: How to choose an IDS/FW MSS provider
Date: Tue, 8 Mar 2005 21:58:18 +0000 
Stephane
My opinions here are based on testing I did against all these vendors
in the IPS space.
Netscreen IDP, Checkpoint (whatever) & ISS preventia are PC based
solution  like all PC based solutions it has a bad foundation to build
on.
The central PC based CPU appract of Netscreen IDP , Checkpoint  & ISS 
mean that you would be a brave man to depend on any of these solutions
to provide your requested 24x7x365 concept.
IIt is important to differenciate the Netscren firewalls from the IDP
which is 2 different architectures, The IDP coming from their
acquisition of Onesecure.

What happens when  the next worm outbreak occurs from someone bringing
in an infected PC and the IPS is deployed to quarantine bad traffic to
different segments.
Part of some of the attacks last year was to synflood  some unix and
windows vendors.
What is to stop the next worm sending out the same volume of garbage
fragmented traffic that any IPS which is in any way stateful  must
deal with to determine firstly the destination port and coaleace these
before having the traffic passed to the string search engine.
You can imagine that this type of device can quicly beome the
bottleneck in your network.

A quick test is to use isic  tool (tcpsic)  to send bad traffic
through the IPS at at least 20Mb/sec to simulate some compromised
systems and see what effect this has on legitimate sesiions and the
usability of the "appliance"

PIX is a FW and Cisco are plugging the IPS V5.0  which is as far as I
can tell putting their IDS 4xxx series inline.
I have no experience with this but there have been many comments
posted related to this.

My reccommendation is to put a test plan together and evaluate  some
of the more compitent solutions.

Happy hunting..
Mick



On Mon, 07 Mar 2005 11:41:31 +0100, Stephane <stephane.d@ecologie.net> wrote:

Dear All,

How do I choose an IDS/IPS provider if I need a strong level of
expertise 24x7x365 and a worldwide representaion? I need it on
Netscreen, PIX, CheckPoint and ISS Realsecure and Proventia.

Thank you,

S.

--------------------------------------------------------------------------
Test Your IDS

Is your IDS deployed correctly?
Find out quickly and easily by testing it with real-world attacks from
CORE IMPACT.
Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708
to learn more.
--------------------------------------------------------------------------




--------------------------------------------------------------------------
Test Your IDS

Is your IDS deployed correctly?
Find out quickly and easily by testing it with real-world attacks from 
CORE IMPACT.
Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708 
to learn more.
--------------------------------------------------------------------------
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: How to choose an IDS/FW MSS provider, Stephane
Next by Date:  Re: How to choose an IDS/FW MSS provider, Stephane
Previous by Thread:  RE: How to choose an IDS/FW MSS provider, Randy Golly
Next by Thread:  Re: How to choose an IDS/FW MSS provider, Stephane
Indexes:  [Date] [Thread] [Top] [All Lists]