We are testing MULTI-Gigabit IPS products right now, to include Sourcefire
as well as all the usual suspects :o)
Results to be published later this year.
Bob Walder
The NSS Group
On 13/2/06 16:24, "David Williams" <dwilliamsd_at_gmail.com> wrote:
> Actually, I'm seeing other vendors, SourceFire being one of the ones
> in the eval list below, who have not gone the ASIC route, but have
> gone with a kind of RISC architecture to get speed. Their pitch is
> that they get the performance of the ASIC vendors by using multiple
> RISC chips (I think the base model that does a gig inline has 6 RISC
> processors) to handle the load (plus an extra processor to handle the
> management end of things... so 7 all together). They are claiming
> performance of an ASIC but the flexibility of software. Not sure how
> valid that claim is.
>
> Question 1 : I'm wondering if anybody has tested these or stacked
> them up next to the ASIC brands to test performance, and if so, can
> they provide some feedback.
>
> Question 2: Does anybody have a list of which vendors are using ASICs
> for performance and which are using this RISC type architecture for
> performance?
>
> Question 3: Not so much a question, but a general request; I'd be
> interested in a "pro vs con" for each if anybody gets their hands on
> them.
>
> -d
>
> On 2/6/06, Andrew Plato <andrew.plato_at_anitian.com> wrote:
>> Most of these devices are pretty good for reliability. The only
>> exception I would make is SourceFire, which back when we sold it had
>> abysmal reliability (3 out of 4 boxes we sold to a customer showed up dead
>> or died soon after installation).
>>
>> TippingPoint sells a zero-power bypass add-on for their IPS. If the IPS
>> fails in any way, traffic is passed through the zero-power device. It's
>> very easy to add. Juniper does something similar.
>>
>> -----------------------------------------------
>> Andrew Plato, CISSP, CISM
>> President/Principal Consultant
>> Anitian Enterprise Security
>>
>> -----------------------------------------------
>>
>> -----Original Message-----
>> From: geek_brigades_at_yahoo.com [mailto:geek_brigades_at_yahoo.com]
>> Sent: Thursday, February 02, 2006 8:27 AM
>> To: focus-ids_at_securityfocus.com
>> Subject: IPS Reliability/Availability
>>
>> I am working on a big IPS project and I am very concerned about
>> installing an inline device in a core enterprise network, where these
>> devices have the potential to create big time network outages.
>>
>> Can you, please, share your possible bad experiences about the
>> reliability of the following inline IPS products:
>>
>> ISS
>> TippingPoint
>> Juniper IPS
>> Sourcefire
>> McAfee IntruShield
>>
>> Have you had any issues with the availability of these devices, such as
>> fail close crashes or do you have any experience with bypass switches
>> that would mitigate the availability issue?
>>
>> Thanks,
>> Mike
>>
>> ------------------------------------------------------------------------
>> Test Your IDS
>>
>> Is your IDS deployed correctly?
>> Find out quickly and easily by testing it with real-world attacks from
>> CORE IMPACT.
>> Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708
>> to learn more.
>> ------------------------------------------------------------------------
>> _________________________________________________
>> NOTICE:
>> This email may contain confidential information,
>> and is for the sole use of the intended recipient.
>> If you are not the intended recipient, please reply
>> to the message and inform the sender of the error
>> and delete the email and any attachments from
>> your computer.
>> _________________________________________________
>>
Received on Feb 13 2006