IDS mailing list archives
RE: Checkpoint SmartDefense
From: THolman () toplayer com
Date: Thu, 19 May 2005 20:11:26 -0400
Hi Fergus, SmartDefense is a very limited application in terms of real-world protection, with a limited feature set and minimal protection against volume based attacks. As far as intelligence goes, Check Point do keep it up to date, but it's limitations on Intel based platforms can quickly be seen in a test lab. Afaik, Interspect is a streamlined version of SmartDefense with no FW-1 component. It has fared quite badly in customer deployments, not because of the code, but because you cannot run high-speed IPS on PCI based hardware. A SYN Flood of several megabytes will bring an Interspect box to its knees. I'm not vendor bashing (I'm a CCSE in 4.1 and NG and advocate Check Point's ease of use as a perimeter firewall and VPN solution), but as an IPS and part of core infrastructure, the hardware simply isn't up to scratch. It's only pro point is that it's easy to use. Tick a box, and away you go... These facts are refutable - I would happily setup a test environment to prove this (as have done several times before!). Regards, Tim -----Original Message----- From: Fergus Brooks [mailto:fergwa () gmail com] Sent: 18 May 2005 12:10 To: focus-ids () securityfocus com Subject: Checkpoint SmartDefense Hi all, I am getting some mixed messages regarding this feature. 1) Does it detect zero day attacks in real time and recommend/implement remediation 2) How intelligent is it? 3) Is it difficult to configure & maintain? 4) Is this feature different on the Interspect and standard FW-1 boxes Any comments and real world examples greatly appreciated! Thanks & regards. -------------------------------------------------------------------------- Test Your IDS Is your IDS deployed correctly? Find out quickly and easily by testing it with real-world attacks from CORE IMPACT. Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708 to learn more. -------------------------------------------------------------------------- -------------------------------------------------------------------------- Test Your IDS Is your IDS deployed correctly? Find out quickly and easily by testing it with real-world attacks from CORE IMPACT. Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708 to learn more. --------------------------------------------------------------------------
Current thread:
- Checkpoint SmartDefense Fergus Brooks (May 18)
- RE: Checkpoint SmartDefense Net Shark (May 19)
- RE: Checkpoint SmartDefense Dimitrios Patsos (May 19)
- <Possible follow-ups>
- RE: Checkpoint SmartDefense Ofer Shezaf (May 19)
- RE: Checkpoint SmartDefense THolman (May 19)
- RE: Checkpoint SmartDefense charles . fasching (May 24)
- RE: Checkpoint SmartDefense THolman (May 28)