IDS mailing list archives
Re: IPS Reliability/Availability
From: FinAckSyn <finacksyn () yahoo co uk>
Date: Fri, 3 Feb 2006 13:14:48 +0000 (GMT)
Hi Mike,

The first question you must ask yourself is whether or not you are prepared to put a PC-based solution inline in your network.

So bypass switches may solve reliability issues, but why bother going to all that trouble with bypass switches and load balanced clusters when there are some excellent dedicated, ASIC-based IPS solutions available?

TippingPoint, McAfee and TopLayer are the biggest players in this space, and should be on any shortlist.

As for real world experience, I have never had ANY reliability or performance issues with TopLayer, who even go one step further as to include separate management and event logging processors to ensure that GUI access and SYSLOG/SNMP functions are 100% available no matter what the network load.

If you're in a core network, be very careful with signature-based products. TippingPoint and McAfee are heavily reliant on Snort signatures, which, although they may do a good job on the perimeter at defending known attacks, open a whole can of false positives when used on internal networks.

I've had big problems tuning both TippingPoint and McAfee devices, and felt most uncomfortable having to disable vast portions of their signature sets to get them running at acceptable speeds. This is even worse on a core network, as you're dealing with far higher speeds.

Rgds,
Matt

--- geek_brigades () yahoo com wrote:
I am working on a big IPS project and I am very concerned about installing an inline device in a core enterprise network, where these devices have the potential to create big time network outages.

Can you, please, share your possible bad experiences about the reliability of the following inline IPS products:

ISS
TippingPoint
Juniper IPS
Sourcefire
McAfee IntruShield

Have you had any issues with the availability of these devices, such as fail close crashes or do you have any experience with bypass switches that would mitigate the availability issue?

Thanks,
Mike
Current thread:
- IPS Reliability/Availability geek_brigades (Feb 02)
- RE: IPS Reliability/Availability Chris Serafin (Feb 02)
- RE: IPS Reliability/Availability Wes Young (Feb 06)
- Re: IPS Reliability/Availability David W. Goodrum (Feb 07)
- RE: IPS Reliability/Availability Wes Young (Feb 06)
- Re: IPS Reliability/Availability FinAckSyn (Feb 07)
- Re: IPS Reliability/Availability Richard Bejtlich (Feb 21)
- <Possible follow-ups>
- RE: IPS Reliability/Availability CraigPaterson (Feb 06)
- RE: IPS Reliability/Availability Andrew Plato (Feb 07)
- Re: IPS Reliability/Availability David Williams (Feb 13)
- Re: IPS Reliability/Availability Bob Walder (Feb 13)
- Re: IPS Reliability/Availability Martin Roesch (Feb 19)
- RE: IPS Reliability/Availability Alan Shimel (Feb 21)
- Re: IPS Reliability/Availability Martin Roesch (Feb 21)
- RE: IPS Reliability/Availability Alan Shimel (Feb 21)
- Re: IPS Reliability/Availability Martin Roesch (Feb 21)
- Re: IPS Reliability/Availability David Williams (Feb 13)
- RE: IPS Reliability/Availability Chris Serafin (Feb 02)