Re: IPS Reliability/Availability

You should also check for controllable latency.  A box could be 
technically "up", but having problems and introducing latency.  You 
should ask each vendor why they might add latency (fragmentation and 
session reassembly are potential ones I can think of), what happens when 
CPU's get taxed too high, if latency is controllable.  The classic 
example is the vendor "pulling the plug" on the box and showing you the 
bypass capability.  But, there are worse scenarios than pulling the 
plug.  Controllable/configurable latency should be something you might 
want to look at in a vendor.

thanks,

dave

David W. Goodrum, CEH
(nfr)(security)
http://www.nfr.com
(M)703.731.3765
(O)240.747.3425
(F)240.632.0200


Wes Young wrote:
> http://www.netoptics.com/products/product_family_details.asp?Section=products&pid=99&cid=5
>
> On Thu, 2006-02-02 at 15:51 -0600, Chris Serafin wrote:
>
> > I know from the short time I worked for a Juniper reseller, the Juniper IPS
> > has a separate box [very small] that does like a HA link to the IPS, so if
> > the IPS fails, the traffic routed straight throught the network with no IPS
> >
> > Chris Serafin
> > IT Security / VoIP Engineer
> > chris@chrisserafin.com
> >
> > -----Original Message-----
> > From: geek_brigades@yahoo.com [mailto:geek_brigades@yahoo.com] 
> > Sent: Thursday, February 02, 2006 10:27 AM
> > To: focus-ids@securityfocus.com
> > Subject: IPS Reliability/Availability
> >
> > I am working on a big IPS project and I am very concerned about installing
> > an inline device in a core enterprise network, where these devices have the
> > potential to create big time network outages. 
> >
> > Can you, please, share your possible bad experiences about the reliability
> > of the following inline IPS products:
> >
> > ISS
> > TippingPoint
> > Juniper IPS
> > Sourcefire
> > McAfee IntruShield
> >
> > Have you had any issues with the availability of these devices, such as fail
> > close crashes or do you have any experience with bypass switches that would
> > mitigate the availability issue?
> >
> > Thanks,
> > Mike
> >
> > ------------------------------------------------------------------------
> > Test Your IDS
> >
> > Is your IDS deployed correctly?
> > Find out quickly and easily by testing it 
> > with real-world attacks from CORE IMPACT.
> > Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708 
> > to learn more.
> > ------------------------------------------------------------------------
> >
> >
> >
> >
> > ------------------------------------------------------------------------
> > Test Your IDS
> >
> > Is your IDS deployed correctly?
> > Find out quickly and easily by testing it 
> > with real-world attacks from CORE IMPACT.
> > Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708 
> > to learn more.
> > ------------------------------------------------------------------------

--
David W. Goodrum, CEH
(nfr)(security)
http://www.nfr.com
(M)703.731.3765
(O)240.747.3425
(F)240.632.0200

------------------------------------------------------------------------
Test Your IDS

Is your IDS deployed correctly?
Find out quickly and easily by testing it 
with real-world attacks from CORE IMPACT.
Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708 
to learn more.
------------------------------------------------------------------------