Security Basics mailing list archives
RE: is Checkpoint smart defance is enough ?
From: THolman () toplayer com
Date: Tue, 2 Aug 2005 16:13:35 -0400
Hi Juan,

SmartDefense is Check Point's network IPS. As well as being an add-on feature for Firewall-1, it is also the basis for the Check Point Entercept product. Whilst the concept is good, and the updates pretty regular, performance across the board is limited by the PC-based systems upon which it runs. Theoretically, you can only stuff 512Mbs through a PC-based firewall/IPS with 2 network cards. The more you then do with the hardware (e.g. running firewalls, VPNs, address translation, logging, management), the less performance you will get out of it. Also, if you were hit by a worm or virus, then SmartDefense would quickly run out of resources, as there is no effective rate-limiting control (i.e. limiting the number of concurrent TCP connections or UDP requests). I would recommend SmartDefense for low-end perimeter deployments (<10Mb leased lines), but not for core network use (unless you buy lots and lots of them, but then it's not very cost effective).

Would you give up on other IDSs? Well - SmartDefense is an IPS, not an IDS. A lot of companies will use these in parallel: the IPS to remove the white noise from the network in real time, and the IDS to perform resource-intensive analysis on the leftover traffic. Some companies see IPS as a replacement for IDS - this fits some companies' security policy quite well, as they're in an industry that requires a tickbox for IDS OR IPS during audits, but moving to the banking/finance industry, they need all the security tools they can get, and will commonly use IPS and IDS - both to pass audits, and to ensure maximum levels of security insurance for themselves and their customers. Your decision as to whether or not SmartDefense can replace an IDS is really down to the big-picture, architectural decision as to whether or not you want to replace or keep IDS with regard to an effective IPS solution.

If you are in the market for a good IPS solution, then a good place to start looking is www.nss.co.uk (excellent, industry-independent tests), plus SC Magazine recently published results of their IPS testing - http://www.scmagazine.com/products/index.cfm?fuseaction=GroupTestDetails&GroupId=19076. It's interesting to note that Check Point feature in neither. What you make of this is up to you! :)

Regards,
Tim

-----Original Message-----
From: Juan B [mailto:juanbabi () yahoo com]
Sent: 02 August 2005 09:21
To: security-basics () lists securityfocus com
Subject: is Checkpoint smart defance is enough ?

Hi,

I was wondering if, by enabling SmartDefense on a network, I can give up all the other IDSs like Snort, ISS, etc. Is SmartDefense considered an IDS at all?

thanks
Juan
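The resource-exhaustion point in Tim's reply, illustrated with an added toy simulation (not code from the list, from Check Point, or from any real IPS; the table size, per-source cap and traffic mix are all constructed): a connection-tracking engine with no per-source limit lets one worm-infected host fill the whole state table, so ordinary traffic passes uninspected, whereas a per-source cap keeps the table usable.

```python
from collections import defaultdict

STATE_TABLE_MAX = 1000   # constructed: flows the inspection engine can track at once
PER_SOURCE_MAX = 50      # constructed: cap on concurrent flows per source when limiting is on


class Inspector:
    """Toy connection-tracking IPS. Without a per-source cap, one chatty host can
    occupy every state slot; with a cap, the rest of the table stays available."""

    def __init__(self, per_source_limit=None):
        self.per_source_limit = per_source_limit
        self.active = set()               # (src, dst, dport) flows currently tracked
        self.per_src = defaultdict(int)   # concurrent flows per source address
        self.counts = defaultdict(int)    # outcome tallies for the report

    def open_flow(self, src, dst, dport):
        if self.per_source_limit is not None and self.per_src[src] >= self.per_source_limit:
            self.counts["rate_limited"] += 1   # refused before it costs any state
            return "rate_limited"
        if len(self.active) >= STATE_TABLE_MAX:
            self.counts["uninspected"] += 1    # table full: flow is no longer analysed
            return "uninspected"
        self.active.add((src, dst, dport))
        self.per_src[src] += 1
        self.counts["inspected"] += 1
        return "inspected"


def simulate(per_source_limit=None):
    """Constructed scenario: one infected host sweeps many addresses on port 445 and
    never completes the handshakes, then 20 ordinary clients open 10 flows each."""
    ips = Inspector(per_source_limit)
    worm = "10.0.0.5"
    for i in range(3000):   # each half-open scan would occupy a state slot
        ips.open_flow(worm, f"10.1.{i // 256}.{i % 256}", 445)
    legit = defaultdict(int)
    for n in range(20):
        for _ in range(10):
            legit[ips.open_flow(f"10.0.1.{n}", "10.2.0.1", 443)] += 1
    return {"worm_tracked": ips.per_src[worm], "legit": dict(legit)}


if __name__ == "__main__":
    print("no limit:      ", simulate())                 # worm holds all 1000 slots
    print("per-source cap:", simulate(PER_SOURCE_MAX))   # worm held to 50, clients inspected
```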
Current thread:
- is Checkpoint smart defance is enough ? Juan B (Aug 02)
- Re: is Checkpoint smart defance is enough ? routerg (Aug 03)
- Re: is Checkpoint smart defance is enough ? Rodrigo Blanco (Aug 04)
- <Possible follow-ups>
- RE: is Checkpoint smart defance is enough ? Hitesh Patel (Aug 03)
- RE: is Checkpoint smart defance is enough ? THolman (Aug 03)
- Re: is Checkpoint smart defance is enough ? Ivan C (Aug 03)
- Re: is Checkpoint smart defance is enough ? aner . sagi (Aug 03)
- Re: is Checkpoint smart defance is enough ? Ivan C (Aug 03)
- Re: is Checkpoint smart defance is enough ? andrew_conly (Aug 03)