IDS mailing list archives

RE: Checkpoint SmartDefense


From: THolman () toplayer com
Date: Thu, 19 May 2005 20:11:26 -0400

Hi Fergus,

SmartDefense is a very limited application in terms of real-world
protection, with a limited feature set and minimal protection against volume
based attacks.
As far as intelligence goes, Check Point do keep it up to date, but its
limitations on Intel based platforms can quickly be seen in a test lab.
Afaik, Interspect is a streamlined version of SmartDefense with no FW-1
component.  It has fared quite badly in customer deployments, not because of
the code, but because you cannot run high-speed IPS on PCI based hardware.
A SYN Flood of several megabytes will bring an Interspect box to its knees.
I'm not vendor bashing (I'm a CCSE in 4.1 and NG and advocate Check Point's
ease of use as a perimeter firewall and VPN solution), but as an IPS and
part of core infrastructure, the hardware simply isn't up to scratch.
Its only pro point is that it's easy to use.  Tick a box, and away you
go...
These facts are refutable - I would happily set up a test environment to
prove this (as I have done several times before!).

Regards,

Tim 


-----Original Message-----
From: Fergus Brooks [mailto:fergwa () gmail com] 
Sent: 18 May 2005 12:10
To: focus-ids () securityfocus com
Subject: Checkpoint SmartDefense

Hi all,

I am getting some mixed messages regarding this feature. 

1) Does it detect zero day attacks in real time and
recommend/implement remediation?

2) How intelligent is it?

3) Is it difficult to configure & maintain?

4) Is this feature different on the Interspect and standard FW-1 boxes?


Any comments and real world examples greatly appreciated!

Thanks & regards.

--------------------------------------------------------------------------
Test Your IDS

Is your IDS deployed correctly?
Find out quickly and easily by testing it with real-world attacks from 
CORE IMPACT.
Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708 
to learn more.
--------------------------------------------------------------------------
