Penetration Testing mailing list archives

Re: IPS comparison

From: "DokFLeed" <dokfleed () dokfleed net>
Date: Tue, 26 Jul 2005 13:16:46 +0400

bw,
I made something similar lately,
first of all start with http://www.nss.co.uk/
personally I would go with TopLayer, the only once passed both tests.

another thing, take a look at the products history, things like

who started as an IPS not an IDS, who is ASIC based , how many provenconcurrent connections it can handle ,

does it follow a protocol analysis or signatures throw & catch.

finally for reference if it makes any sense

· The lack of a stateful firewall for all connections and policycontrol. A hardware limit of 10,000 signatures, which can all be used up ifdiverse policies are specified for different segments or IP addresses withexisting signatures, leaving no room for expansion.· The lack of effective high availability solutions that increaseperformance and scalability cannot reliably support asymmetry in networks HAdecreases performance significantly.· Lack of network infrastructure class reliability, required forin-line deployments.· Close to 100% reliance on IDS like signatures for protection.Digital Vaccine, or automatic signature updates on an inline infrastructuredevice is thus necessary, and poses a risk of automated blocking of realworld business traffic, and potentially violates network change controlpolicies.

·         No real world Denial of Service (DoS) or DDoS protection.

· Built around an off the shelf Layer 2 switch ASIC and off theshelf network processors, even claimed latency at between 1ms and 215 ?s istoo high for inline deployments.

TopLayer series handle around 30,000 connection with a latency of 0.04 msand 0.08 ms with deep inspection enabled


Please disregard it, if it does not make any sense :)

DokFLeed
Smoke Dope, Eat Soap, Fly Home in a Bubble

----- Original Message -----From: "bw" <bjshhsjb () yahoo com>

To: <pen-test () securityfocus com>
Sent: Monday, July 25, 2005 8:52 PM
Subject: IPS comparison

I have been tasked with comparing IPS appliances. I am
seriously looking at top layer's product line and
tipping point. Does anyone have a spreadsheet or know
of any tool they would be willing to share for
comparing products. Im new to this so any help would
be appreciated

thank you

__________________________________________________
Do You Yahoo!?
Tired of spam?  Yahoo! Mail has the best spam protection around

http://mail.yahoo.com

Current thread:

IPS comparison bw (Jul 25)
- Re: IPS comparison DokFLeed (Jul 26)
- RES: IPS comparison Charbel Chalala Issa (Jul 26)
  - Re: IPS comparison David Eduardo Acosta Rodríguez (Jul 26)
- <Possible follow-ups>
- RE: IPS comparison Williams, Cameron (Jul 25)
  - Re: IPS comparison Micheal Cottingham (Jul 25)
- RE: IPS comparison Leif Sawyer (Jul 25)
  - RE: IPS comparison Martin (Jul 25)
    - RE: IPS comparison David L Rice (Jul 25)
    - RE: IPS comparison Lyal Collins (Jul 26)
    - RE: IPS comparison Alexis Villagra - VILSOL LatinAmerica (Jul 26)
  - RE: IPS comparison Security Focus (Jul 26)

(Thread continues...)