RE: IPS - Cisco vs. McAfee vs. Tippingpoint

[Hurgel Bumpf <l0rd_lunatic () yahoo com>]

Hi Diego,

thank you for your email.

I'm certified for Fortinet devices. So i know they are some "fully featured network edge security devices"

They are not designed for our intentions :)

BR,

Andre

--- Diego Garay <dgaray () dacas com> schrieb am Mi, 29.7.2009:

> Von: Diego Garay <dgaray () dacas com>
> Betreff: RE: IPS - Cisco vs. McAfee vs. Tippingpoint
> An: "'Hurgel Bumpf'" <l0rd_lunatic () yahoo com>, focus-ids () securityfocus com
> Datum: Mittwoch, 29. Juli 2009, 11:32
> Hi 
> This product can help
>
> http://www.fortinet.com/products/fortiweb/
>  
>                
>           or
> http://www.fortinet.com/products/fortigate/
>
>
> pd:     
> I hope it will not take it as spam  :S
>
> Diego 
>
> -----Mensaje original-----
> De: listbounce () securityfocus com
> [mailto:listbounce () securityfocus com]
> En nombre de Hurgel Bumpf
> Enviado el: Miércoles, 29 de Julio de 2009 09:25 a.m.
> Para: focus-ids () securityfocus com
> Asunto: IPS - Cisco vs. McAfee vs. Tippingpoint
>
>
> Hi List,
>
> i need to protect a "realtime" website with an inline IPS
> from (D)DOS attacks.
>
> I had some bad experience with Tippingpoint UnityOne 2400
> field test. The device dropped to much sessions until all
> connectivity was lost. 
> After that no investigation was not possible as TP logs all
> attack information with IP address 0.0.0.0 
>
> The vendor excused this with the layered technology and
> passing the IP address from the hardware to the logger would
> lead to delayed packages)
>
> This is unacceptable.
>
> i'm now looking forward to test a Cisco IPS 4270-20 and a
> McAfee Network Security 4050 appliance. 
>
> Who has a good/bad experience with that devices? Is it true
> that all devices don't log ip adresses?
>
> My dream appliance would be able to run like in a 7 day
> learning mode which counts max new sessions per second, max
> sessions per client aso. After this 7 days it creates a
> filter with +x% of the learned values and sets these limits
> active.
>
> A big problem is that i have to install it into the
> productive system to get the real values. I dont have any
> fixed values regarding the new sessions per second and i
> cant just guess and set values and render the system
> offline. 
>
> All information is highly appreciated!
>
> Thank you very much for your time,
>
> Andre
>
>
>       
>
> -----------------------------------------------------------------
> Securing Your Online Data Transfer with SSL.
> A guide to understanding SSL certificates, how they operate
> and their application. By making use of an SSL certificate
> on your web server, you can securely collect sensitive
> information online, and increase business by giving your
> customers confidence that their transactions are safe.
> http://www.dinclinx.com/Redirect.aspx?36;5001;25;1371;0;1;946;9a80e04e1a17f194
>
>
>
>
> __________ Informacin de NOD32, revisin 4286 (20090728)
> __________
>
> Este mensaje ha sido analizado con NOD32 antivirus system
> http://www.nod32.com




-----------------------------------------------------------------
Securing Your Online Data Transfer with SSL.
A guide to understanding SSL certificates, how they operate and their application. By making use of an SSL certificate 
on your web server, you can securely collect sensitive information online, and increase business by giving your 
customers confidence that their transactions are safe.
http://www.dinclinx.com/Redirect.aspx?36;5001;25;1371;0;1;946;9a80e04e1a17f194