IDS mailing list archives
RE: Intruvert 4000.
From: "Bob Walder" <bwalder () spamcop net>
Date: Tue, 27 Jan 2004 11:14:18 +0100
Great to hear about real-world deployments of these devices - take a look at our new IPS report (www.nss.co.uk/ips) for our take on the I-4000 and other in-line IPS devices. Regards, Bob Walder Director The NSS Group ------------------------------------------------------------------------ ---------- This message is intended for the addressee only and may contain information that may be of a privileged or confidential nature. If you have received this message in error, please notify the sender and destroy the message immediately. Unauthorised use or reproduction of this message is strictly prohibited.
-----Original Message----- From: Steve Paine [mailto:steve () hiblue com] Sent: 27 January 2004 10:17 To: focus-ids () securityfocus com Subject: Intruvert 4000. By way of an introduction, and using the 'give before you get' principle, i thought i'd drop a few lines about our recent purchase of the Intruvert 4000 from Network associates. We chose the intruvert 4000 over a number of other devices due to its ability to handle assymetric traffic in a load-balancing scanario. We have 2 x 1GB connections going through this device. We've had it for three weeks now and have been, lets say, 'playing.' Things i like: Ease of setup. The device must be operated via a seperate management machine and after this has been installed, the device can be put into action as an IDS device very quickly with the standard profiles. As an active device, things are obviously more tricky. DDOS protection and learning profiles caused us some problems for a while as it was very difficult to see what the device had learnt and what it was blocking. As we go furher with testing, this part of the device is becoming clearer. We havent done any throughput or delay tests and I guess, we won't do much in this area. Our traffic loads aren't that high that we need to worry about device overloading at this stage. Thing i dont like: The management interface is s-l-o-w. Despite having a P4 2.4 running with 1GB memory, the java-based management application is too fat for its job. It needs a lot of optimisation. Mouse clicks are taking three seconds to respond which is a real pain when you have to go through 4 mouse clicks to get where you want to go. Things I want to know more about: Writing signatures and sharing signatures. I will also need to find out if I can use some standard format for localy written signatures. (Snort standard?) Anyway, things are looking good right now. We deploy in a coupe of months so I guess i'll have a few more things to say before then. If anyone else is using Intruvert at all, let me know. Regards Steve ------------------------------------------------------------- -------------- ------------------------------------------------------------- --------------
--------------------------------------------------------------------------- ---------------------------------------------------------------------------
Current thread:
- Intruvert 4000. Steve Paine (Jan 27)
- <Possible follow-ups>
- RE: Intruvert 4000. Bob Walder (Jan 27)