I have worked with both ISS and IntruShield, both of which set to inline
mode. When a device fails, you see about 1-3 pings drop and everything
is back to normal.
-----Original Message-----
From: Chris Serafin [mailto:chris_at_chrisserafin.com]
Sent: Thursday, February 02, 2006 3:51 PM
To: geek_brigades_at_yahoo.com; focus-ids_at_securityfocus.com
Subject: RE: IPS Reliability/Availability
I know from the short time I worked for a Juniper reseller, the Juniper
IPS
has a separate box [very small] that does like a HA link to the IPS, so
if
the IPS fails, the traffic routed straight throught the network with no
IPS
Chris Serafin
IT Security / VoIP Engineer
chris_at_chrisserafin.com
-----Original Message-----
From: geek_brigades_at_yahoo.com [mailto:geek_brigades_at_yahoo.com]
Sent: Thursday, February 02, 2006 10:27 AM
To: focus-ids_at_securityfocus.com
Subject: IPS Reliability/Availability
I am working on a big IPS project and I am very concerned about
installing
an inline device in a core enterprise network, where these devices have
the
potential to create big time network outages.
Can you, please, share your possible bad experiences about the
reliability
of the following inline IPS products:
ISS
TippingPoint
Juniper IPS
Sourcefire
McAfee IntruShield
Have you had any issues with the availability of these devices, such as
fail
close crashes or do you have any experience with bypass switches that
would
mitigate the availability issue?
Thanks,
Mike
------------------------------------------------------------------------
Test Your IDS
Is your IDS deployed correctly?
Find out quickly and easily by testing it
with real-world attacks from CORE IMPACT.
Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708
to learn more.
------------------------------------------------------------------------
------------------------------------------------------------------------
Test Your IDS
Is your IDS deployed correctly?
Find out quickly and easily by testing it
with real-world attacks from CORE IMPACT.
Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708
to learn more.
------------------------------------------------------------------------
The preceding email message may be confidential or protected by the attorney-client privilege. It is not intended for transmission to, or receipt by, any unauthorized persons. If you have received this message in error, please (i) do not read it, (ii) reply to the sender that you received the message in error, and (iii) erase or destroy the message. Legal advice contained in the preceding message is solely for the benefit of the Foley & Lardner LLP client(s) represented by the Firm in the particular matter that is the subject of this message, and may not be relied upon by any other party.
Internal Revenue Service regulations require that certain types of written advice include a disclaimer. To the extent the preceding message contains advice relating to a Federal tax issue, unless expressly stated otherwise the advice is not intended or written to be used, and it cannot be used by the recipient or any other taxpayer, for the purpose of avoiding Federal tax penalties, and was not written to support the promotion or marketing of any transaction or matter discussed herein.
------------------------------------------------------------------------
Test Your IDS
Is your IDS deployed correctly?
Find out quickly and easily by testing it
with real-world attacks from CORE IMPACT.
Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708
to learn more.
------------------------------------------------------------------------
Received on Feb 07 2006
Intro
