IDS mailing list archives
RE: Checkpoint SmartDefense
From: "Net Shark" <netshark () sexmagnet com>
Date: Wed, 18 May 2005 23:53:18 +0100
-----Original Message-----
From: Fergus Brooks [mailto:fergwa () gmail com]
Sent: Wednesday, 18 May 2005 12:10
To: focus-ids () securityfocus com
Subject: Checkpoint SmartDefense

Hi all, I am getting some mixed messages regarding this feature.

1) Does it detect zero day attacks in real time and recommend/implement remediation?
It can detect some attacks on the fly and stop them.
2) How intelligent is it?
It depends a lot on the type of filtering made. For instance, some DNS queries are mistaken for DNS buffer overflow attempts, probably because they're not RFC compliant. The same problem happens with other protocols. On the other hand, it successfully filters most common DoS attacks and worms (Land, Code Red & friends).
3) Is it difficult to configure & maintain?
IMHO, like most Checkpoint products, the difficulty is the *installation* phase. SmartDefense, however, can be very tricky to *tune*, but not to configure, as the default configuration doesn't harm a fly.
4) Is this feature different on the Interspect and standard FW-1 boxes?
Dunno, I'm only using it in a Nokia IP firewall (over their IPSO), and it seems quite happy.
Any comments and real world examples greatly appreciated!
It doesn't replace nice PC boxes running snort, and other IDS tools. In fact, it is advisable to have a network setup with both. Some SmartDefense features can cause very obscure errors. I remember having problems with the Autodesk Mapguide server and Mapguide agent, because the communication protocol designed by Autodesk was mistaken for the Blaster worm. Then again, I'm using a 2003 version of SmartDefense. The product could have been improved a lot by now.
Current thread:
- Checkpoint SmartDefense Fergus Brooks (May 18)
- RE: Checkpoint SmartDefense Net Shark (May 19)
- RE: Checkpoint SmartDefense Dimitrios Patsos (May 19)
- <Possible follow-ups>
- RE: Checkpoint SmartDefense Ofer Shezaf (May 19)
- RE: Checkpoint SmartDefense THolman (May 19)
- RE: Checkpoint SmartDefense charles . fasching (May 24)
- RE: Checkpoint SmartDefense THolman (May 28)