IDS mailing list archives
Re: CISCOs new IPS
From: p z <peterzulu () gmail com>
Date: Thu, 16 Dec 2004 20:35:15 -0500
key things to consider: - increased packet latency through the IPS. this is worsened as you increase the number of things you detect and/or block - careful of false positives, so only block the minimum number of exploits (around 30 or so out of the entire base of things seem to operate.) - power redundancy and network failover are other considerations. - failure to detect at high packet rates or high mbps rates. you have to stress test this yourself and use your peak average network stats as the baseline for packet rates and mbps rates. some ips systems stop detecting attacks at higher packet and bandwidth rates. peter On Wed, 15 Dec 2004 07:31:42 +0100, Christoph Pertl (tm011081) <tm011081 () fh-stpoelten ac at> wrote:
Hi, I'm right now in the middle of a Project with the goal to implement an IPS in an existing infrastructure. One of our possible Partners offers us the new IPS Product from Cisco. Does anyone of you now something about this machine or at least about the older IDS-Box because I think the Inspection Engine will be the same? Any Information about how well it performs in a real environment would be great Christoph -------------------------------------------------------------------------- Test Your IDS Is your IDS deployed correctly? Find out quickly and easily by testing it with real-world attacks from CORE IMPACT. Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708 to learn more. --------------------------------------------------------------------------
-------------------------------------------------------------------------- Test Your IDS Is your IDS deployed correctly? Find out quickly and easily by testing it with real-world attacks from CORE IMPACT. Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708 to learn more. --------------------------------------------------------------------------
Current thread:
- Newbie question: autoblocking with IDS/IPS Daniel (Dec 13)
- Re: Newbie question: autoblocking with IDS/IPS Mike Johnson (Dec 16)
- RE: Newbie question: autoblocking with IDS/IPS Gary Halleen (ghalleen) (Dec 17)
- CISCOs new IPS Christoph Pertl (tm011081) (Dec 16)
- Re: CISCOs new IPS p z (Dec 17)
- Tippingpoint IPS Christoph Pertl(tm011081) (Dec 23)
- Re: Tippingpoint IPS Bob Walder (Dec 27)
- Re: Tippingpoint IPS Paul Schmehl (Dec 27)
- Re: CISCOs new IPS p z (Dec 17)
- Re: Newbie question: autoblocking with IDS/IPS Mike Johnson (Dec 16)