RE: How to choose an IDS/FW MSS provider

Hi,

Evaluation Criterias for an IPS maybe generally;

-Catching Modified Worm Variants(not detecting only patterns,looking for the 
underlying vulnerability) -False Positive/Negative ratio under heavy load 
-ability of stateful inspection -stability of the appliance in a long term 
period -Fail Safe solutions -Simulation Mode Property(first deploying in an 
in-line simulation mode to see what it does with your true network traffic in 
real time-good for tuning an inline appliance without disrupting network 
availability) -some firewall capabilities(dynamic firewall blocking an intruder 
for sometime without inspecting traffic coming from that intruder-helps improve 
performance) -different blocking options for different situations:

 Drop Packet-For icmp/udp related events  Drop Connection - For TCP based 
events  Connection With Reset - For IM/P2P based "smart" applications

These are some general specifications that comes first in my mind


-----Original Message-----
From: Giner Albarracin, Virgilio [mailto:Virgilio.GinerAlbarracin@telekom.de]
Sent: Friday, March 11, 2005 3:39 PM
To: Melih Kırkgöz (Koç.net)
Subject: AW: How to choose an IDS/FW MSS provider

Hi Melih,
I would apreciate very much if you can provide me some information about your 
evaluation: Evaluation Criteria, Results, ...
I'm at the begining of an IDS/IPS Evaluation, and your experience could help me 
very much.

Thanks in advance,
Virgilio

> -----Ursprüngliche Nachricht-----
> Von: Melih Kirkgöz (Koç.net) [mailto:melihk@koc.net]
> Gesendet: Dienstag, 8. März 2005 08:22
> An: Stephane; focus-ids@securityfocus.com
> Betreff: RE: How to choose an IDS/FW MSS provider
> Wichtigkeit: Hoch
>
>
> Hello Stephane,
>
> We have been using ISS since last two years.(50 Server
> Sensor,15 Network Sensor,1 Proventia G 100 IPS),managed by 
> SiteProtector. We tested Netscreen,ISS,Radware,NAI Intrushield and 
> Checkpoint during our evaluation period for intrusion 
> detection/prevention systems. Strong level of expertise and good 
> technical support was one of the big reasons choosing ISS.
>  
>
> -----Original Message-----
> From: Stephane [mailto:stephane.d@ecologie.net]
> Sent: Monday, March 07, 2005 12:42 PM
> To: focus-ids@securityfocus.com
> Subject: How to choose an IDS/FW MSS provider
>
> Dear All,
>
> How do I choose an IDS/IPS provider if I need a strong level of 
> expertise 24x7x365 and a worldwide representaion? I need it on 
> Netscreen, PIX, CheckPoint and ISS Realsecure and Proventia.
>
> Thank you,
>
> S.
>
> --------------------------------------------------------------
> ------------
> Test Your IDS
>
> Is your IDS deployed correctly?
> Find out quickly and easily by testing it with real-world attacks from 
> CORE IMPACT. Go to
> http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708
> to learn more.
> --------------------------------------------------------------
> ------------
> ______________________________________________________________
> ______________________________________________________________
> _________________
> Bu e-posta mesaji kisiye ozel olup, gizli bilgiler iceriyor olabilir. 
> Eger bu e-posta mesaji size yanlislikla ulasmissa, icerigini hic bir 
> sekilde kullanmayiniz ve ekli dosyalari acmayiniz. Bu durumda lutfen 
> e-posta mesajini kullaniciya hemen geri gonderiniz  ve  tum 
> kopyalarini mesaj kutunuzdan siliniz. Bu e-posta mesaji, hic bir 
> sekilde, herhangi bir amac icin cogaltilamaz, yayinlanamaz ve para 
> karsiligi satilamaz.  Bu e-posta mesaji viruslere karsi anti-virus 
> sistemleri tarafindan taranmistir. Ancak yollayici, bu e-posta 
> mesajinin - virus koruma sistemleri ile kontrol ediliyor olsa bile - 
> virus icermedigini garanti etmez ve meydana gelebilecek zararlardan 
> dogacak hicbir sorumlulugu kabul etmez.
> This message is intended solely for the use of the individual or 
> entity to whom it is addressed , and may contain confidential 
> information. If you are not the intended recipient of this message or 
> you receive this mail in error, you should refrain from making any use 
> of the contents and from opening any attachment. In that case, please 
> notify the sender immediately and return the message to the sender, 
> then, delete and destroy all copies. This e-mail message, can not be 
> copied, published or sold for any reason. This e-mail message has been 
> swept by anti-virus systems for the presence of computer viruses. In 
> doing so, however,  sender  cannot warrant that virus or other forms 
> of data corruption may not be present and do not take any 
> responsibility in any occurrence.
> ______________________________________________________________
> ______________________________________________________________
> _________________
>  
>  
>  
>
> --------------------------------------------------------------
> ------------
> Test Your IDS
>
> Is your IDS deployed correctly?
> Find out quickly and easily by testing it with real-world attacks from 
> CORE IMPACT.
> Go to
> http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_04
0708
to learn more.
--------------------------------------------------------------------------
_____________________________________________________________________________________________________________________________________________
Bu e-posta mesaji kisiye ozel olup, gizli bilgiler iceriyor olabilir. Eger bu 
e-posta mesaji size yanlislikla ulasmissa,  icerigini hic bir sekilde 
kullanmayiniz ve ekli dosyalari acmayiniz. Bu durumda lutfen e-posta mesajini 
kullaniciya hemen geri gonderiniz  ve  tum kopyalarini mesaj kutunuzdan 
siliniz. Bu e-posta mesaji, hic bir sekilde, herhangi bir amac icin 
cogaltilamaz, yayinlanamaz ve para karsiligi satilamaz.  Bu e-posta mesaji 
viruslere karsi anti-virus sistemleri tarafindan taranmistir. Ancak yollayici, 
bu e-posta mesajinin - virus koruma sistemleri ile kontrol ediliyor olsa bile - 
virus icermedigini garanti etmez ve meydana gelebilecek zararlardan dogacak 
hicbir sorumlulugu kabul etmez.  
This message is intended solely for the use of the individual or entity to whom 
it is addressed , and may contain confidential  information. If you are not the 
intended recipient of this message or you receive this mail in error, you 
should refrain from making any use of the contents and from opening any 
attachment. In that case, please notify the sender immediately and return the 
message to the sender, then, delete and destroy all copies. This e-mail 
message, can not be copied, published or sold for any reason. This e-mail 
message has been swept by anti-virus systems for the presence of computer 
viruses. In doing so, however,  sender  cannot warrant that virus or other 
forms of data corruption may not be present and do not take any responsibility 
in any occurrence. 
_____________________________________________________________________________________________________________________________________________
 
_____________________________________________________________________________________________________________________________________________
 
Bu e-posta mesaji kisiye ozel olup, gizli bilgiler iceriyor olabilir. Eger bu 
e-posta mesaji size yanlislikla ulasmissa,  icerigini hic bir sekilde 
kullanmayiniz ve ekli dosyalari acmayiniz. Bu durumda lutfen e-posta mesajini 
kullaniciya hemen geri gonderiniz  ve  tum kopyalarini mesaj kutunuzdan 
siliniz. Bu e-posta mesaji, hic bir sekilde, herhangi bir amac icin 
cogaltilamaz, yayinlanamaz ve para karsiligi satilamaz.  Bu e-posta mesaji 
viruslere karsi anti-virus sistemleri tarafindan taranmistir. Ancak yollayici, 
bu e-posta mesajinin - virus koruma sistemleri ile kontrol ediliyor olsa bile - 
virus icermedigini garanti etmez ve meydana gelebilecek zararlardan dogacak 
hicbir sorumlulugu kabul etmez.  
This message is intended solely for the use of the individual or entity to whom 
it is addressed , and may contain confidential  information. If you are not the 
intended recipient of this message or you receive this mail in error, you 
should refrain from making any use of the contents and from opening any 
attachment. In that case, please notify the sender immediately and return the 
message to the sender, then, delete and destroy all copies. This e-mail 
message, can not be copied, published or sold for any reason. This e-mail 
message has been swept by anti-virus systems for the presence of computer 
viruses. In doing so, however,  sender  cannot warrant that virus or other 
forms of data corruption may not be present and do not take any responsibility 
in any occurrence. 
_____________________________________________________________________________________________________________________________________________
 
 
 
 

--------------------------------------------------------------------------
Test Your IDS

Is your IDS deployed correctly?
Find out quickly and easily by testing it with real-world attacks from 
CORE IMPACT.
Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708 
to learn more.
--------------------------------------------------------------------------