IDS mailing list archives
RE: Network IDS, or IPS, or Proxy?
From: "Evans, Arian" <Arian.Evans () fishnetsecurity com>
Date: Tue, 19 Aug 2003 10:44:13 -0500
Duston, #We live in a 100% Windows world and the powers that be will #not be receptive to any *nix solutions. We are more the willing to pay for a #top of the line product as long is it is in fact top of the line. How about *appliances*? Since almost all security appliances are 1U Linux boxes... #Currently I have been looking at the Symantec Gateway Device. [...] #Does anyone have any comments on the Symantec Gateway device? I like a number of Symantec's solutions. That said, the Gateway device is: (1) Slow as dirt (it's got Raptor on it; what do you expect?) (2) Not much of a NIDS (with roughly 80 signatures) (ref: http://enterprisesecurity.symantec.com/content/displaypdf.cfm?PDFID=248 ) If you want NIDS, get a NIDS. If you want IPS, which is what it sounds like you want, check out Netscreen's IPS appliance. I think it's the cheapest worthwhile IPS on the market. I also highly recommend checking out ISS's Proventia appliances if you want a NIDS. If you want IPS, look at what ISS has coming down the pipe with the next two Proventia models. Both NAI's Intruvert and Tipping Point look very cool (for IPS). I think Vicki Irwin went to Tipping Point, so you'd expect the signatures to be sound. (Tipping Point has been focused on the high-end Enterprise, but you might see if they have any smaller boxes coming out soon.) If you really want a firewall/proxy/virus-scanner/limited IDS, Symantec has the following on their site regarding this new Gateway device: Beta Testing: The Enterprise Development Alliance Program is looking for qualified network administrators interested in beta testing Symantec's latest Security Appliance. If you would like more information, or are interested, please fill out an online application at: http://survey.confirmit.com/wi/p157744978/ctl.asp I am totally guessing you really want IPS due to the fact you brought up that Gateway box. The subject of your email was geared towards NIDS and you selected a box that's not much of a NIDS at all, which leaves me a little confused as to what you want. Cheers, Arian Evans Sr. Security Engineer FishNet Security Phone: 816.421.6611 Toll Free: 888.732.9406 Fax: 816.421.6677 http://www.fishnetsecurity.com note: Text email is not Office XP friendly. Turn off the "remove extra line breaks" located at |Tools|Options|Email Options if it formats incorrectly. Why break text-based email by default? Ask Microsoft. The information transmitted in this e-mail is intended only for the addressee and may contain confidential and/or privileged material. Any interception, review, retransmission, dissemination, or other use of, or taking of any action upon this information by persons or entities other than the intended recipient is prohibited by law and may subject them to criminal or civil liability. If you received this communication in error, please contact us immediately at 816.421.6611, and delete the communication from any computer or network system. --------------------------------------------------------------------------- Attend Black Hat Briefings & Training Federal, September 29-30 (Training), October 1-2 (Briefings) in Tysons Corner, VA; the worldÂs premier technical IT security event. Modeled after the famous Black Hat event in Las Vegas! 6 tracks, 12 training sessions, top speakers and sponsors. Symanetc is the Diamond sponsor. Early-bird registration ends September 6 Visit: www.blackhat.com ---------------------------------------------------------------------------
Current thread:
- RE: Network IDS, or IPS, or Proxy? Evans, Arian (Aug 21)