Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Focus-IDS
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

RE: Intrushield User Experiences Warts 'n' All

from [Brian Smith] Network Security [Permanent Link]
Subject: RE: Intrushield User Experiences Warts 'n' All
Date: Wed, 27 Apr 2005 10:56:11 -0500 
Andy,

If you're thinking of using the IntruShield IPS in inline/blocking mode,
you may also want to ask if the deployment was using an outside tap, the
builtin tap, or inline blocking, as the user experience may vary based
on the mode of deployment.

        Brian Smith
        TippingPoint, a division of 3com


-----Original Message-----
From: Andy Cuff [mailto:lists@securitywizardry.com]
Sent: Monday, April 25, 2005 1:43 PM
To: focus-ids@securityfocus.com
Subject: Intrushield User Experiences Warts 'n' All


Hi List Members
I was wondering if anyone could enlighten me with their 
experiences with
Intrushield IPS, especially in a large environment. I'm especially
interested in (marketeers need not reply):

How easy is it to tune?

What are the false positive rates like?

Can you write custom signatures?

How easy is it to update, both signatures and appliance patches?

How frequently do you receive signature updates?

Does it provide sufficient information for an analyst to 
resolve an event?

Does it do packet capture:

      a. per event?

      b. rolling?

      c. how easy is it to recover said packets?

What is the support like?

Value Added?

Good points?

Bad Points?

Those more important points that I can't remember right now?

I realise I can get much of the above from the website, but I 
would like to
hear it from the horses mouth, from practitioners in the field.



   Regards
Andy Cuff
Chief Technology Officer
Computer Network Defence Ltd
http://SecurityWizardry.com
Phone (+44) (0) 7968 608945




--------------------------------------------------------------
------------
Stop hurting your network!
 
The NeVO passive vulnerability sensor continuously finds 
vulnerabilities, 
applications and new hosts without the need for network scanning. 
It also finds compromised systems with application-based 
intrusion detection. 
Go to http://www.tenablesecurity.com/products/nevo.shtml to 
learn more.
--------------------------------------------------------------
------------




--------------------------------------------------------------------------
Stop hurting your network!
 
The NeVO passive vulnerability sensor continuously finds vulnerabilities, 
applications and new hosts without the need for network scanning. 
It also finds compromised systems with application-based intrusion detection. 
Go to http://www.tenablesecurity.com/products/nevo.shtml to learn more.
--------------------------------------------------------------------------
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  RE: GFI SELM Question, Chris Petersen
Next by Date:  RE: Intrushield User Experiences Warts 'n' All, Ed Gibbs
Previous by Thread:  Re: Intrushield User Experiences Warts 'n' All, david kuhlman
Next by Thread:  Looking for free IDS training, Angel L Rivera
Indexes:  [Date] [Thread] [Top] [All Lists]