Re: Intrusion Prevention

[Dave Mitchell <dmitchell () viawest net>]

I personally recommend the Netscreen IDP. It uses flow based packet inspection, can ride
in-line or in sniffer, and has a realtime Java GUI for Windows or Linux. Policy options include
the ability to allow, discard, TCP RST client, TCP RST server, or both. The 2.0 code allows
for in-line with spanning tree and can also use VRRP. They are reliable, easy to install,
and best of all, easy to manage.

I was able to push near ~450mb/s at the IDP 500. 

-dave

On Mon, Dec 23, 2002 at 11:52:08AM -0600, Carey, Steve T GARRISON wrote:
> We are currently testing it.  It is pretty impressive.  Gives you the capability
> to either look at just the packet that caused the alert, or the alert packet and
> five subsequent packets, or entire flow (which gives you the traffic from the
> source and the destination).  Currently the best commercial product we have
> looked at.
>
> Steven T. Carey
> LCIRT-R Team Leader
> Comm (256) 876-5811
> Cell (256) 947-0225
>
>
> -----Original Message-----
> From: Johnny Kho [mailto:johnnyk () mailhost net]
> Sent: Sunday, December 22, 2002 10:14 PM
> To: Johnny Kho
> Cc: focus-ids () securityfocus com
> Subject: Intrusion Prevention 
>
>
> Hi.
>
> Anyone have tested Intruvert Network IPS? It is pretty impressive from the
> NSS test results...
>
> www.intruvert.com
>
> Merry Christmas and Holiday Cheers to all..
>
> Johnny