Security Basics mailing list archives

RE: tippingpoint IDS


From: "forums () kentane net" <forums () kentane net>
Date: Tue, 12 Jul 2005 21:08:31 +0200 (SAST)

That's one point I forgot to mention and a very valuable point indeed. False positives! Tippingpoint is excellent when 
it comes to this. You get very few false positives in my experience. I have deployed 10 200s and 2 1200s in my 
network, managed via their management console, the SMS. It's a pleasure to look after these things. In terms of what 
specific boxen to deploy for your network, I can't really say. You would have to speak to your Tippingpoint sales rep; 
he would be able to advise on the size based on the throughput and number of segments supported by the box.

False positives are the major issue with IPSs that are based on IDS. To single one out, the Proventia device (it's the 
only one I have some experience with). The rest just lack management tools and are a tad bit cumbersome to manage in 
huge deployments. Some are just network based AV. There's a lot of hogwash out there...

-------------------------
Original Message:
From: Jason Leung <jleung () verniernetworks com>
To: forums () kentane net, roastin () yahoo com
Date: Tuesday, July 12 2005 20:35
Subject: RE: tippingpoint IDS
Ah, Would you have any observations you can relate about TP IPS about
false positives, or perhaps any pointers on how big of a box for what
kind of network architecture deployment?

Thanks

Jason


-----Original Message-----
From: forums () kentane net [mailto:forums () kentane net] 
Sent: Tuesday, July 12, 2005 1:49 AM
To: roastin () yahoo com
Cc: security-basics () securityfocus com
Subject: Re: tippingpoint IDS

First of all, Tippingpoint is an IPS, the difference you can read
about here:
http://www.checkpoint.com/products/internal_security/articles/ht_ips_ids.html

I have experience on both the Tippingpoint and the ISS Proventia. The
first thing that you should know is that Proventia was an outgrowth of
ISS IDS, and as such is more like an inline IDS than anything.
Tippingpoint was designed as an IPS from the ground up. Tippingpoint's
main plus is that it's designed for performance, while most IPSs lack
terribly in this arena.

To top it off, a lot of the Tippingpoint signatures are based on the
actual vulnerability instead of some exploit, therefore if a network
based attack's signature should change, because Tippingpoint's sig is
based on the vulnerability, it should be able to catch it. This also
makes it quicker for Tippingpoint to release signatures to combat
against a new vulnerability even before an exploit is seen in the wild.

Also Tippingpoint is piss easy to set up. In a matter of minutes it can be
up and running compared to most other IPS devices that I have played
with. Talk to your local reseller, get a Tippingpoint and play with it.
You will be amazed!

-------------------------
Original Message:
From: Leon <roastin () yahoo com>
To: security-basics () securityfocus com
Date: Thursday, July 7 2005 19:49
Subject: tippingpoint IDS
Does anyone have any experience with this product?

Looking to hear unbiased reviews.

Thx,

Leon


                