Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Focus-IDS
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: Proventia G400

from [Planz] Network Security [Permanent Link]
Subject: Re: Proventia G400
Date: Fri, 28 Oct 2005 16:29:19 +0800
I also did some extensive evaluation of various IPS sometimes ago.I remember that the same points were told to me by one of the competitors of Proventia, but later I found most of them are mud slinging type facts. I recall from my experience that:

#1: Proventia G400 has a standalone Local Management Interface. It doesn't require a SiteProtector to manage and is optional.
#2: The by-pass feature which is passing the traffic fail-open in case of IPS appliance failure, is built-in for Copper interfaces. For fibre interfaces, it is external. FYI, some IPS vendors do not have this feature at all.
#3: It is not purely signature reliant.

Regarding NSS reports, only the vendor can explain.


FinAckSyn wrote:

Hi Valter,

We are currently evaluating IPS vendors in order to
make an informed choice about which is going to be
best for our customers (we are a security
consultancy/reseller).

Unfortunately, ISS Proventia was one of the first to
drop off the list.  It's one of those that fell into
our category of inline-IDS.  Heavily signature
reliant, PC-based, doesn't run standalone (needs
external management), plus the requirement of an
external unit to enable resiliency in case of
Proventia hw/sw failure made the overall solution
quite bulky.  Even more so for a single-box
deployment.

Throughput of 400Mpbs seemed reasonable, but if you're
going to include Gb ports on a device, in our opinion,
that device should be able to handle a full Gb.  It
didn't handle 400Mbps of small packets very well,
either, so you would need a separate DDOS device (ISS
don't supply these) if true enterprise perimeter or
hosting protection is required.

SiteProtector software is excellent - one of the best.
But you need to see through this and work out whether
or not the device offers the protection you need,
rather than choose a product based on appearance.  The
reports are also pretty nifty too.
If we had to choose a product based on policy
management and reporting, ISS would come pretty close
to the top of the list.

Digging deeper, we also looked for independent test
results. We referred to www.nss.co.uk, whom offer the
most thorough tests on the market. No sign of ISS,
except in the old IPS Edition 1 test (non-current). 

We did hear on the grapevine that ISS (and Check
Point, for that matter), both submitted their products
for Edition 2 and 3 testing, but nothing came out of
the other end.  We can only assume that they declined
to have their results published.

Our thoughts?  It's not really a true IPS.  Next.

Regards,

Matt


--- Valter Santos <vsantola@sectoid.com> wrote:



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi there,

anyone out there is using ISS Proventia G400 series,
and is willing to
share some thoughts ?

thanx
/valter
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.0 (GNU/Linux)




iD8DBQFDXLlgR7pJvOKksgYRApuSAJ0XEwPrGGTmj73XPsUzA8/Yjv3PkACg0SJG


gpFJyahq23YI88HmK/29xFQ=
=tb4B
-----END PGP SIGNATURE-----




------------------------------------------------------------------------


Test Your IDS

Is your IDS deployed correctly?
Find out quickly and easily by testing it with real-world attacks from CORE IMPACT.
Go to



http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708


to learn more.



------------------------------------------------------------------------








___________________________________________________________ To help you stay safe and secure online, we've developed the all new Yahoo! Security Centre. http://uk.security.yahoo.com

------------------------------------------------------------------------
Test Your IDS

Is your IDS deployed correctly?
Find out quickly and easily by testing it with real-world attacks from CORE IMPACT.
Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708 to learn more.
------------------------------------------------------------------------






------------------------------------------------------------------------
Test Your IDS

Is your IDS deployed correctly?
Find out quickly and easily by testing it with real-world attacks from CORE IMPACT.
Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708 to learn more.
------------------------------------------------------------------------

[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: RPC Evasion techniques, Dave Aitel
Next by Date:  RE: Proventia G400, Palmer, Paul (ISSAtlanta)
Previous by Thread:  Re: Proventia G400, FinAckSyn
Next by Thread:  RE: Proventia G400, Palmer, Paul (ISSAtlanta)
Indexes:  [Date] [Thread] [Top] [All Lists]