Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Focus-IDS
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: IPS Reliability/Availability

from [FinAckSyn] Network Security [Permanent Link]
Subject: Re: IPS Reliability/Availability
Date: Fri, 3 Feb 2006 13:14:48 +0000 (GMT) 
Hi Mike,

The first question you must ask yourself is whether or
not you are prepared to put a PC-based solution inline
in your network?
So bypass switches may solve reliability issues, but
why bother going to all that trouble with bypass
switches and load balanced clusters when there are
some excellent dedicated, ASIC-based IPS solutions
available.  TippingPoint, McAfee and TopLayer are the
biggest players in this space, and should be on any
shortlist.
As for real world experience, I have never had ANY
reliability or performance issues with TopLayer, whom
even go one step further as to include separate
management and event logging processors to ensure that
GUI access, SYSLOG/SNMP functions are 100% available
no matter what the network load.
If you're in a core network, be very careful with
signature based products.  TippingPoint and McAfee are
heavily reliant on Snort signatures, which although
may do a good job on the perimeter at defending known
attacks, open a whole can of false positives when used
on internal networks.  I've had big problems tuning
both TippingPoint and McAfee devices, and felt most
uncomfortable having to disable vast portions of their
signature sets to get them running at acceptable
speeds.  This is even worse on a core network, as
you're dealing with far higher speeds.

Rgds,

Matt


--- geek_brigades@yahoo.com wrote:


I am working on a big IPS project and I am very
concerned about installing an inline device in a
core enterprise network, where these devices have
the potential to create big time network outages. 

Can you, please, share your possible bad experiences
about the reliability of the following inline IPS
products:

ISS
TippingPoint
Juniper IPS
Sourcefire
McAfee IntruShield

Have you had any issues with the availability of
these devices, such as fail close crashes or do you
have any experience with bypass switches that would
mitigate the availability issue?

Thanks,
Mike



------------------------------------------------------------------------

Test Your IDS

Is your IDS deployed correctly?
Find out quickly and easily by testing it 
with real-world attacks from CORE IMPACT.
Go to


http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708


to learn more.


------------------------------------------------------------------------







                
___________________________________________________________ 
How much free photo storage do you get? Store your holiday 
snaps for FREE with Yahoo! Photos http://uk.photos.yahoo.com

------------------------------------------------------------------------
Test Your IDS

Is your IDS deployed correctly?
Find out quickly and easily by testing it 
with real-world attacks from CORE IMPACT.
Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708 
to learn more.
------------------------------------------------------------------------
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  RE: Real world experience with HIDS, Gregg Earnhart
Next by Date:  Re: anomaly IDS ideas ?, Christian G. Charette
Previous by Thread:  Re: IPS Reliability/Availability, David W. Goodrum
Next by Thread:  Re: IPS Reliability/Availability, Richard Bejtlich
Indexes:  [Date] [Thread] [Top] [All Lists]