Penetration Testing mailing list archives
Re: IPS comparison
From: "DokFLeed" <dokfleed () dokfleed net>
Date: Tue, 26 Jul 2005 13:16:46 +0400
bw, I made something similar lately, first of all start with http://www.nss.co.uk/ personally I would go with TopLayer, the only once passed both tests. another thing, take a look at the products history, things likewho started as an IPS not an IDS, who is ASIC based , how many proven concurrent connections it can handle ,
does it follow a protocol analysis or signatures throw & catch. finally for reference if it makes any sense· The lack of a stateful firewall for all connections and policy control. A hardware limit of 10,000 signatures, which can all be used up if diverse policies are specified for different segments or IP addresses with existing signatures, leaving no room for expansion. · The lack of effective high availability solutions that increase performance and scalability cannot reliably support asymmetry in networks HA decreases performance significantly. · Lack of network infrastructure class reliability, required for in-line deployments. · Close to 100% reliance on IDS like signatures for protection. Digital Vaccine, or automatic signature updates on an inline infrastructure device is thus necessary, and poses a risk of automated blocking of real world business traffic, and potentially violates network change control policies.
· No real world Denial of Service (DoS) or DDoS protection.· Built around an off the shelf Layer 2 switch ASIC and off the shelf network processors, even claimed latency at between 1ms and 215 ?s is too high for inline deployments.
TopLayer series handle around 30,000 connection with a latency of 0.04 ms and 0.08 ms with deep inspection enabled
Please disregard it, if it does not make any sense :) DokFLeed Smoke Dope, Eat Soap, Fly Home in a Bubble----- Original Message ----- From: "bw" <bjshhsjb () yahoo com>
To: <pen-test () securityfocus com> Sent: Monday, July 25, 2005 8:52 PM Subject: IPS comparison I have been tasked with comparing IPS appliances. I am seriously looking at top layer's product line and tipping point. Does anyone have a spreadsheet or know of any tool they would be willing to share for comparing products. Im new to this so any help would be appreciated thank you __________________________________________________ Do You Yahoo!? Tired of spam? Yahoo! Mail has the best spam protection aroundhttp://mail.yahoo.com
Current thread:
- IPS comparison bw (Jul 25)
- Re: IPS comparison DokFLeed (Jul 26)
- RES: IPS comparison Charbel Chalala Issa (Jul 26)
- Re: IPS comparison David Eduardo Acosta Rodríguez (Jul 26)
- <Possible follow-ups>
- RE: IPS comparison Williams, Cameron (Jul 25)
- Re: IPS comparison Micheal Cottingham (Jul 25)
- RE: IPS comparison Leif Sawyer (Jul 25)
- RE: IPS comparison Martin (Jul 25)
- RE: IPS comparison David L Rice (Jul 25)
- RE: IPS comparison Lyal Collins (Jul 26)
- RE: IPS comparison Alexis Villagra - VILSOL LatinAmerica (Jul 26)
- RE: IPS comparison Martin (Jul 25)
- RE: IPS comparison Security Focus (Jul 26)