RE: IPS Reliability/Availability

["Kunz, Jeffrey T." <JKunz () foley com>]

I have worked with both ISS and IntruShield, both of which set to inline
mode.  When a device fails, you see about 1-3 pings drop and everything
is back to normal.

-----Original Message-----
From: Chris Serafin [mailto:chris () chrisserafin com] 
Sent: Thursday, February 02, 2006 3:51 PM
To: geek_brigades () yahoo com; focus-ids () securityfocus com
Subject: RE: IPS Reliability/Availability

I know from the short time I worked for a Juniper reseller, the Juniper
IPS
has a separate box [very small] that does like a HA link to the IPS, so
if
the IPS fails, the traffic routed straight throught the network with no
IPS

Chris Serafin
IT Security / VoIP Engineer
chris () chrisserafin com

-----Original Message-----
From: geek_brigades () yahoo com [mailto:geek_brigades () yahoo com] 
Sent: Thursday, February 02, 2006 10:27 AM
To: focus-ids () securityfocus com
Subject: IPS Reliability/Availability

I am working on a big IPS project and I am very concerned about
installing
an inline device in a core enterprise network, where these devices have
the
potential to create big time network outages. 

Can you, please, share your possible bad experiences about the
reliability
of the following inline IPS products:

ISS
TippingPoint
Juniper IPS
Sourcefire
McAfee IntruShield

Have you had any issues with the availability of these devices, such as
fail
close crashes or do you have any experience with bypass switches that
would
mitigate the availability issue?

Thanks,
Mike

------------------------------------------------------------------------
Test Your IDS

Is your IDS deployed correctly?
Find out quickly and easily by testing it 
with real-world attacks from CORE IMPACT.
Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708

to learn more.
------------------------------------------------------------------------




------------------------------------------------------------------------
Test Your IDS

Is your IDS deployed correctly?
Find out quickly and easily by testing it 
with real-world attacks from CORE IMPACT.
Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708

to learn more.
------------------------------------------------------------------------


The preceding email message may be confidential or protected by the attorney-client privilege. It is not intended for 
transmission to, or receipt by, any unauthorized persons.  If you have received this message in error, please (i) do 
not read it, (ii) reply to the sender that you received the message in error, and (iii) erase or destroy the message.  
Legal advice contained in the preceding message is solely for the benefit of the Foley & Lardner LLP client(s) 
represented by the Firm in the particular matter that is the subject of this message, and may not be relied upon by any 
other party.      

  
Internal Revenue Service regulations require that certain types of written advice include a disclaimer. To the extent 
the preceding message contains advice relating to a Federal tax issue, unless expressly stated otherwise the advice is 
not intended or written to be used, and it cannot be used by the recipient or any other taxpayer, for the purpose of 
avoiding Federal tax penalties, and was not written to support the promotion or marketing of any transaction or matter 
discussed herein.


------------------------------------------------------------------------
Test Your IDS

Is your IDS deployed correctly?
Find out quickly and easily by testing it
with real-world attacks from CORE IMPACT.
Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708
to learn more.
------------------------------------------------------------------------