You should also check for controllable latency. A box could be
technically "up", but having problems and introducing latency. You
should ask each vendor why they might add latency (fragmentation and
session reassembly are potential ones I can think of), what happens when
CPUs get taxed too high, and if latency is controllable. The classic
example is the vendor "pulling the plug" on the box and showing you the
bypass capability. But, there are worse scenarios than pulling the
plug. Controllable/configurable latency should be something you might
want to look at in a vendor.
thanks,
dave
David W. Goodrum, CEH
(nfr)(security)
http://www.nfr.com
(M)703.731.3765
(O)240.747.3425
(F)240.632.0200
Wes Young wrote:
> http://www.netoptics.com/products/product_family_details.asp?Section=products&pid=99&cid=5
>
> On Thu, 2006-02-02 at 15:51 -0600, Chris Serafin wrote:
>
>>I know from the short time I worked for a Juniper reseller, the Juniper IPS
>>has a separate box [very small] that does like a HA link to the IPS, so if
>>the IPS fails, the traffic is routed straight through the network with no IPS
>>
>>Chris Serafin
>>IT Security / VoIP Engineer
>>chris_at_chrisserafin.com
>>
>>-----Original Message-----
>>From: geek_brigades_at_yahoo.com [mailto:geek_brigades_at_yahoo.com]
>>Sent: Thursday, February 02, 2006 10:27 AM
>>To: focus-ids_at_securityfocus.com
>>Subject: IPS Reliability/Availability
>>
>>I am working on a big IPS project and I am very concerned about installing
>>an inline device in a core enterprise network, where these devices have the
>>potential to create big time network outages.
>>
>>Can you, please, share your possible bad experiences about the reliability
>>of the following inline IPS products:
>>
>>ISS
>>TippingPoint
>>Juniper IPS
>>Sourcefire
>>McAfee IntruShield
>>
>>Have you had any issues with the availability of these devices, such as fail
>>close crashes or do you have any experience with bypass switches that would
>>mitigate the availability issue?
>>
>>Thanks,
>>Mike
>>
>>------------------------------------------------------------------------
>>Test Your IDS
>>
>>Is your IDS deployed correctly?
>>Find out quickly and easily by testing it
>>with real-world attacks from CORE IMPACT.
>>Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708
>>to learn more.
>>------------------------------------------------------------------------
Received on Feb 07 2006