IDS mailing list archives

RE: Juniper and ISS Protocol Anomaly Detection Evaluation

From: "Compton, Rich" <richard.compton () chartercom com>
Date: Mon, 15 May 2006 17:08:44 -0500

Juniper already has the IDP module for the ISG-2000 and the current
version of NSM (2005 R3) supports managing both the IDPs and the
firewalls. 

-----Original Message-----
From: Reynolds, Wayne [mailto:Wayne_Reynolds () condenast com] 
Sent: Monday, May 15, 2006 11:01 AM
To: Mike Youngs
Cc: focus-ids () lists securityfocus com
Subject: RE: Juniper and ISS Protocol Anomaly Detection Evaluation

Mike,

We have already compared these two solutions in depth and ended up
choosing Juniper.

We already use NetScreens as our firewall solution and Juniper will be
offering an IDP module for the NetScreens very shortly which will
incorporate the IDP management within their pre-existing NSM console
package.

Personally, I found ISS' management console much more intuitive, but I
felt that their tech support was severely lacking.  Their support team
just never seemed interested in giving us any help.

-Wayne

________________________________________
Wayne D Reynolds
Network Engineering and Security
Conde Nast Publications
mailto:wayne_reynolds () condenast com

-----Original Message-----
From: Mike Youngs [mailto:myoungs () glenergy com]
Sent: Friday, May 12, 2006 8:06 AM
To: focus-ids () lists securityfocus com
Subject: Juniper and ISS Protocol Anomaly Detection Evaluation

Hello Everyone,

I am doing a network based intrusion detection and prevention system
evaluation, and have come across something I would like this groups
collective experience to give an opinion on.

For various reasons, we have settled on making a selection between the
Juniper IDP 600C and the ISS Proventia GX5008.  During our evaluation,
we have found that Juniper and ISS offer their protocol anomaly
detection means in much different ways.  What I would like to hear from
this group is your experience and insight with either product's protocol
anomaly detection.
If
someone has insight and/or experience with both products, that will be
that much better.  I hope to find out if each vendor's protocol anomaly
detection features are essentially the same thing, or if one is superior
over the other and why, so I can make a more informed decision on this
feature.

Another way to say it is, does "protocol anomaly detection" mean the
same thing to both vendors?  It appears that "attack pattern" means
something different to each vendor.  One considers in the actual string
or pattern to look for in a packet, and the other considers is it
multiple events when viewed as a whole could mean an attack on a system.

Any insight would be appreciated!  Thanks in advance,

Mike Youngs
Network Manager
Great Lakes Energy

------------------------------------------------------------------------
Test Your IDS

Is your IDS deployed correctly?
Find out quickly and easily by testing it with real-world attacks from
CORE IMPACT.
Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708

to learn more.
------------------------------------------------------------------------

------------------------------------------------------------------------
Test Your IDS

Is your IDS deployed correctly?
Find out quickly and easily by testing it with real-world attacks from
CORE IMPACT.
Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708
to learn more.
------------------------------------------------------------------------

E-MAIL CONFIDENTIALITY NOTICE: 

The contents of this e-mail message and 
any attachments are intended solely for the 
addressee(s) and may contain confidential 
and/or legally privileged information. If you 
are not the intended recipient of this message 
or if this message has been addressed to you 
in error, please immediately alert the sender
 by reply e-mail and then delete this message 
and any attachments. If you are not the 
intended recipient, you are notified that 
any use, dissemination, distribution, copying, 
or storage of this message or any attachment 
is strictly prohibited.

------------------------------------------------------------------------
Test Your IDS

Is your IDS deployed correctly?
Find out quickly and easily by testing it
with real-world attacks from CORE IMPACT.
Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708
to learn more.
------------------------------------------------------------------------

Current thread:

Juniper and ISS Protocol Anomaly Detection Evaluation Mike Youngs (May 15)
- RE: Juniper and ISS Protocol Anomaly Detection Evaluation Chris Hummel (May 16)
  - Ha: RE: Juniper and ISS Protocol Anomaly Detection Evaluation Dmitry V Ushakov (May 17)
    - RE: RE: Juniper and ISS Protocol Anomaly Detection Evaluation Security Focus (May 18)
- <Possible follow-ups>
- RE: Juniper and ISS Protocol Anomaly Detection Evaluation Reynolds, Wayne (May 15)
  - RE: Juniper and ISS Protocol Anomaly Detection Evaluation Compton, Rich (May 16)
- RE: Juniper and ISS Protocol Anomaly Detection Evaluation Steven Williams (May 16)
  - Re: Juniper and ISS Protocol Anomaly Detection Evaluation Stefano Zanero (May 18)
    - RE: Juniper and ISS Protocol Anomaly Detection Evaluation Biswas, Proneet (May 19)
  - Re: Juniper and ISS Protocol Anomaly Detection Evaluation Eric Hanselman (May 18)
    - RE: Juniper and ISS Protocol Anomaly Detection Evaluation Biswas, Proneet (May 19)