Network Security Focus-IDS

RE: Checkpoint SmartDefense

Subject: RE: Checkpoint SmartDefense
Date: Thu, 19 May 2005 20:11:26 -0400
Hi Fergus,

SmartDefense is a very limited application in terms of real-world
protection, with a limited feature set and minimal protection against volume
based attacks.
As far as intelligence goes, Check Point do keep it up to date, but its
limitations on Intel based platforms can quickly be seen in a test lab.
Afaik, Interspect is a streamlined version of SmartDefense with no FW-1
component.  It has fared quite badly in customer deployments, not because of
the code, but because you cannot run high-speed IPS on PCI based hardware.
A SYN Flood of several megabytes will bring an Interspect box to its knees.
I'm not vendor bashing (I'm a CCSE in 4.1 and NG and advocate Check Point's
ease of use as a perimeter firewall and VPN solution), but as an IPS and
part of core infrastructure, the hardware simply isn't up to scratch.
Its only pro point is that it's easy to use.  Tick a box, and away you
go...
These facts are refutable - I would happily set up a test environment to
prove this (as I have done several times before!).

Regards,

Tim 


-----Original Message-----
From: Fergus Brooks [mailto:fergwa@gmail.com] 
Sent: 18 May 2005 12:10
To: focus-ids@securityfocus.com
Subject: Checkpoint SmartDefense

Hi all,

I am getting some mixed messages regarding this feature. 

1) Does it detect zero day attacks in real time and
recommend/implement remediation?

2) How intelligent is it?

3) Is it difficult to configure & maintain?

4) Is this feature different on the Interspect and standard FW-1 boxes?


Any comments and real world examples greatly appreciated!

Thanks & regards.

--------------------------------------------------------------------------
Test Your IDS

Is your IDS deployed correctly?
Find out quickly and easily by testing it with real-world attacks from 
CORE IMPACT.
Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708 
to learn more.
--------------------------------------------------------------------------