IDS mailing list archives

Re: Network IDS


From: "Andrew Plato" <aplato () anitian com>
Date: Thu, 28 Aug 2003 12:36:59 -0700

The ISS Real Secure product can also interface with Check Point OPSEC to
spawn TCP resets that can kill an attack.

<shameless plug>

So can Snort using Snortsam.

</shameless plug>

1. I think ISS's NIDS is great, but when it comes to interfacing with
OPSEC, I get queasy with that idea. I have a philosophical problem with
an independent system writing rules into another system. It's asking for
problems. Every time I see this implemented, it gets messed up somehow
and either doesn't block when it should, or blocks the wrong things.
Maybe it's just because everyone who I've worked with that did this is
lame. Nevertheless, the OPSEC connection always sounds better as a
concept than it does when it's actually implemented.

The better solution would be to use an in-line IPS like RealSecure Guard
to do that and then let the firewall stick with doing what it does best.


2. While we're doing shameless promoting, I have to slip in a plug for
Top Layer's Attack Mitigator. Line-speed operation, flexible, fast, and
it sets up and runs in like 60 minutes. My only want from it is an SMTP
proxy, but that's probably just wishful thinking. I can always shove a
WatchGuard in there for that. 

___________________________________
Andrew Plato, CISSP
President/Principal Consultant
Anitian Enterprise Security 
 
503-644-5656 Office
503-644-8574 Fax
503-201-0821 Mobile
www.anitian.com
___________________________________
