IDS mailing list archives

RE: Network hardware IPS


From: "Alan Shimel" <alan () latis com>
Date: Mon, 29 Sep 2003 08:27:42 -0600

Alvin

I think our Border Guard product can do what you seem to be looking for.
One note of caution: TCP Reset is not a preferred method of blocking
attacks according to some security experts.  Border Guard actually uses
both traditional firewall-like blocking as well as a proprietary method
that we call pre-emptive blocking that will stop even fragments of
packets before they do harm.  I would be happy to talk to you more about
other features off-line if you like.  You can find out more at
http://www.stillsecure.com

Thanks
alan

Alan Shimel
VP of Sales & Business Development
Latis Networks, Inc.

303-381-3815 Direct
303-381-3881 Fax
516-857-7409 Mobile
www.stillsecure.com
Reducing your risk has never been this easy.

-----Original Message-----
From: Alvin Wong [mailto:alvin.wong () b2b com my] 
Sent: Monday, September 29, 2003 2:31 AM
To: focus-ids () securityfocus com
Subject: Network hardware IPS

Hi,

I'm interested to find out if anyone can share their experiences or
recommend a network hardware IPS that is deployed in front of the
gateway which is able to detect attack signatures and, at the same time,
actively block out these attacks, alerting me in the process.

This would be different from a passive IDS which depends on correlating
the logs every time an alert pops up. An ideal solution would be to be
able to detect the patterns and prevent them automatically. Can a
network IPS do this?

I understand that it is possible in some IDS to do a TCP reset after one
has confirmed that the connection is not acceptable. Can anyone explain
whether an IDS that can do this is actually "active" as opposed to
passive?

It would also be interesting if there could be some amount of trend
analysis built in which can review the destination/source ip traffic
over time, which can be used to identify particular boxes which are
easily targeted, which would mean that more work needs to be done for
that box.

Regards,
Alvin


