RE: IPS Reliability/Availability

["Alan Shimel" <ashimel () stillsecure com>]

We are looking at a similar type of card for our IPS, am interested if
customers really by into this as being true bypass?  We wanted to offer it
as an option with free IPS strata guard free (stillsecure.org).

alan

 
StillSecure
Alan Shimel 
Chief Strategy Officer 

O 303.381.3815
C 516.857.7409
F 303.381.3881
email ashimel () stillsecure com
blog http://ashimmy.typepad.com

www.stillsecure.com
The information transmitted is intended only for the person
to whom it is addressed and may contain confidential material.
Review or other use of this information by persons other than
the intended recipient is prohibited. If you've received
this in error, please contact the sender and delete
from any computer.

-----Original Message-----
From: Martin Roesch [mailto:roesch () sourcefire com] 
Sent: Thursday, February 16, 2006 10:47 AM
To: Andrew Plato
Cc: geek_brigades () yahoo com; focus-ids () securityfocus com
Subject: Re: IPS Reliability/Availability

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

So Andrew, are you saying that most of our customers routinely  
experience 75% hardware failure rates and we're somehow managing to  
cover this up or do you think this was an isolated incident?  Can you  
imagine the cost to us in in terms of overhead for our customers with  
100+ sensors if that were a true indication of the reliability of our  
gear?

BTW, our IPS appliances offer zero power fail-open NICs as well.

     -Marty

On Feb 6, 2006, at 11:04 AM, Andrew Plato wrote:

> Most of these devices are pretty good for reliability. The only
> exception I would make is SourceFire, which back when we sold it had
> abysmal reliability (3 out of 4 boxes we sold to a customer show up  
> dead
> or died soon after installation).
>
> TippingPoint sells a zero-power bypass add-on for their IPS. If the  
> IPS
> fails in anyway, traffic is passed through the zero-power device. Its
> very easy to add. Juniper does something similar.
>
> -----------------------------------------------
> Andrew Plato, CISSP, CISM
> President/Principal Consultant
> Anitian Enterprise Security
>
> -----------------------------------------------
>
>
>
>
> -----Original Message-----
> From: geek_brigades () yahoo com [mailto:geek_brigades () yahoo com]
> Sent: Thursday, February 02, 2006 8:27 AM
> To: focus-ids () securityfocus com
> Subject: IPS Reliability/Availability
>
> I am working on a big IPS project and I am very concerned about
> installing an inline device in a core enterprise network, where these
> devices have the potential to create big time network outages.
>
> Can you, please, share your possible bad experiences about the
> reliability of the following inline IPS products:
>
> ISS
> TippingPoint
> Juniper IPS
> Sourcefire
> McAfee IntruShield
>
> Have you had any issues with the availability of these devices,  
> such as
> fail close crashes or do you have any experience with bypass switches
> that would mitigate the availability issue?
>
> Thanks,
> Mike
>
> ---------------------------------------------------------------------- 
> --
> Test Your IDS
>
> Is your IDS deployed correctly?
> Find out quickly and easily by testing it with real-world attacks from
> CORE IMPACT.
> Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus- 
> ids_040708
> to learn more.
> ---------------------------------------------------------------------- 
> --
> _________________________________________________
> NOTICE:
> This email may contain confidential information,
> and is for the sole use of the intended recipient.
> If you are not the intended recipient, please reply
> to the message and inform the sender of the error
> and delete the email and any attachments from
> your computer.
> _________________________________________________
>
> ---------------------------------------------------------------------- 
> --
> Test Your IDS
>
> Is your IDS deployed correctly?
> Find out quickly and easily by testing it
> with real-world attacks from CORE IMPACT.
> Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus- 
> ids_040708
> to learn more.
> ---------------------------------------------------------------------- 
> --

- --
Martin Roesch - Founder/CTO, Sourcefire Inc. - +1-410-290-1616
Sourcefire - Security for the Real World - http://www.sourcefire.com
Snort: Open Source Network IDS - http://www.snort.org




-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (Darwin)

iD8DBQFD9J6Qqj0FAQQ3KOARAiElAJ96YZCSRUWJzU8hQZ2zKIsslDH6RQCfV9K1
sLDLFCtnciiLmvCYHUbPgv8=
=+eOq
-----END PGP SIGNATURE-----

------------------------------------------------------------------------
Test Your IDS

Is your IDS deployed correctly?
Find out quickly and easily by testing it 
with real-world attacks from CORE IMPACT.
Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708 
to learn more.
------------------------------------------------------------------------


------------------------------------------------------------------------
Test Your IDS

Is your IDS deployed correctly?
Find out quickly and easily by testing it 
with real-world attacks from CORE IMPACT.
Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708 
to learn more.
------------------------------------------------------------------------