IDS mailing list archives

Re: How to choose an IDS/FW MSS provider


From: buineach <securesolutions () gmail com>
Date: Tue, 8 Mar 2005 21:58:18 +0000

Stephane
My opinions here are based on testing I did against all these vendors
in the IPS space.
Netscreen IDP, Checkpoint (whatever) & ISS Proventia are PC-based
solutions; like all PC-based solutions, they have a bad foundation to
build on.
The central PC-based CPU approach of Netscreen IDP, Checkpoint & ISS
means that you would be a brave man to depend on any of these solutions
to provide your requested 24x7x365 concept.
It is important to differentiate the Netscreen firewalls from the IDP,
which are 2 different architectures, the IDP coming from their
acquisition of Onesecure.

What happens when the next worm outbreak occurs from someone bringing
in an infected PC and the IPS is deployed to quarantine bad traffic to
different segments?
Part of some of the attacks last year was to synflood some unix and
windows vendors.
What is to stop the next worm sending out the same volume of garbage
fragmented traffic that any IPS which is in any way stateful must
deal with to determine firstly the destination port and coalesce these
before having the traffic passed to the string search engine?
You can imagine that this type of device can quickly become the
bottleneck in your network.

A quick test is to use the isic tool (tcpsic) to send bad traffic
through the IPS at at least 20Mb/sec to simulate some compromised
systems and see what effect this has on legitimate sessions and the
usability of the "appliance".

PIX is a FW and Cisco are plugging the IPS V5.0, which is as far as I
can tell putting their IDS 4xxx series inline.
I have no experience with this but there have been many comments
posted related to this.

My recommendation is to put a test plan together and evaluate some
of the more competent solutions.

Happy hunting..
Mick



On Mon, 07 Mar 2005 11:41:31 +0100, Stephane <stephane.d () ecologie net> wrote:
Dear All,

How do I choose an IDS/IPS provider if I need a strong level of
expertise 24x7x365 and a worldwide representation? I need it on
Netscreen, PIX, CheckPoint and ISS Realsecure and Proventia.

Thank you,

S.
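
The fragment-handling cost raised in the reply above, as an added example that is not part of the original post or any vendor's code: a simplified model of the reassembly state a stateful inline device must hold before it can read the destination port, with a flow cap and timeout keeping that state bounded. The class and function names are hypothetical, offsets are in bytes rather than IP's 8-byte units, and the addresses are constructed sample input.

```python
from collections import OrderedDict

class ReassemblyTable:
    """Bounded fragment reassembly buffer (simplified, hypothetical model)."""
    def __init__(self, max_flows=4, timeout=30.0):
        self.max_flows, self.timeout = max_flows, timeout
        self.flows = OrderedDict()  # (src, dst, ip_id) -> {"t": ..., "frags": ...}
        self.dropped = 0            # incomplete datagrams discarded

    def _expire(self, now):
        stale = [k for k, f in self.flows.items() if now - f["t"] > self.timeout]
        for key in stale:
            del self.flows[key]
            self.dropped += 1

    def add(self, src, dst, ip_id, offset, more, data, now):
        """Store one fragment; return the full payload once complete, else None."""
        self._expire(now)
        key = (src, dst, ip_id)
        if key not in self.flows:
            if len(self.flows) >= self.max_flows:
                self.flows.popitem(last=False)  # evict oldest incomplete datagram
                self.dropped += 1
            self.flows[key] = {"t": now, "frags": {}}
        frags = self.flows[key]["frags"]
        frags[offset] = (data, more)
        pos, out = 0, b""
        while pos in frags:                     # walk contiguous fragments from 0
            chunk, more_follow = frags[pos]
            out += chunk
            pos += len(chunk)
            if not more_follow:                 # last fragment reached: complete
                del self.flows[key]
                return out
        return None

def dst_port(payload):
    """Destination port is bytes 2-3 of the TCP/UDP header (first fragment only)."""
    return int.from_bytes(payload[2:4], "big")

def demo():
    table = ReassemblyTable(max_flows=4, timeout=30.0)
    # Constructed input: 10 datagrams whose first fragment never arrives,
    # so the port cannot be read and each one occupies a table slot.
    for i in range(10):
        table.add("10.0.0.66", "10.0.1.5", i, 8, True, b"B" * 8, now=float(i))
    # Constructed legitimate datagram, two fragments arriving out of order.
    l4 = (40000).to_bytes(2, "big") + (443).to_bytes(2, "big") + b"\x00" * 4
    first = table.add("10.0.0.7", "10.0.1.5", 99, 8, False, b"tail", now=10.0)
    done = table.add("10.0.0.7", "10.0.1.5", 99, 0, True, l4, now=10.5)
    return len(table.flows), table.dropped, first, dst_port(done)
```

`demo()` shows the trade-off behind the bottleneck concern: the cap keeps memory fixed, but every eviction is a datagram the device gave up on, and a legitimate flow competes for the same slots.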
