IDS mailing list archives

RE: Network IDS, or IPS, or Proxy?


From: "Evans, Arian" <Arian.Evans () fishnetsecurity com>
Date: Tue, 19 Aug 2003 10:44:13 -0500

Duston,

#We live in a 100% Windows world and the powers that be will
#not be receptive to any *nix solutions.  We are more than willing to pay for a
#top of the line product as long as it is in fact top of the line.

How about *appliances*? Since almost all security appliances
are 1U Linux boxes...

#Currently I have been looking at the Symantec Gateway Device.  [...]
#Does anyone have any comments on the Symantec Gateway device?

I like a number of Symantec's solutions. That said, the Gateway device
is:
(1) Slow as dirt (it's got Raptor on it; what do you expect?)
(2) Not much of a NIDS (with roughly 80 signatures)
(ref: http://enterprisesecurity.symantec.com/content/displaypdf.cfm?PDFID=248)

If you want NIDS, get a NIDS. If you want IPS, which is what it
sounds like you want, check out Netscreen's IPS appliance. I
think it's the cheapest worthwhile IPS on the market.

I also highly recommend checking out ISS's Proventia appliances
if you want a NIDS. If you want IPS, look at what ISS has coming
down the pipe with the next two Proventia models.

Both NAI's Intruvert and Tipping Point look very cool (for IPS). I think
Vicki Irwin went to Tipping Point, so you'd expect the signatures to be
sound. (Tipping Point has been focused on the high-end Enterprise,
but you might see if they have any smaller boxes coming out soon.)

If you really want a firewall/proxy/virus-scanner/limited IDS, Symantec
has the following on their site regarding this new Gateway device:

Beta Testing:
The Enterprise Development Alliance Program is looking for qualified
network administrators interested in beta testing Symantec's latest
Security Appliance. If you would like more information, or are interested,
please fill out an online application at:

http://survey.confirmit.com/wi/p157744978/ctl.asp
  
I am totally guessing you really want IPS due to the fact you brought
up that Gateway box. The subject of your email was geared towards
NIDS and you selected a box that's not much of a NIDS at all, which
leaves me a little confused as to what you want.

Cheers,

Arian Evans
Sr. Security Engineer
FishNet Security

Phone:  816.421.6611
Toll Free:  888.732.9406
Fax:  816.421.6677

http://www.fishnetsecurity.com


note: Text email is not Office XP friendly. Turn off the "remove
extra line breaks" located at |Tools|Options|Email Options if
it formats incorrectly. Why break text-based email by default?
Ask Microsoft.



