Nmap Security Scanner
*Intro
*Ref Guide
*Install Guide
*Download
*Changelog
*Book
*Docs
Security Lists
*Nmap Hackers
*Nmap Dev
*Bugtraq
*Full Disclosure
*Pen Test
*Basics
*More
Security Tools
*Pass crackers
*Sniffers
*Vuln Scanners
*Web scanners
*Wireless
*Exploitation
*Packet crafters
*More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

focus-ids logo IDS mailing list archives

RE: IPS Reliability/Availability
From: "Alan Shimel" <ashimel () stillsecure com>
Date: Sun, 19 Feb 2006 19:37:37 -0500
We are looking at a similar type of card for our IPS, am interested if
customers really by into this as being true bypass?  We wanted to offer it
as an option with free IPS strata guard free (stillsecure.org).

alan

 
StillSecure
Alan Shimel 
Chief Strategy Officer 

O 303.381.3815
C 516.857.7409
F 303.381.3881
email ashimel () stillsecure com
blog http://ashimmy.typepad.com

www.stillsecure.com
The information transmitted is intended only for the person
to whom it is addressed and may contain confidential material.
Review or other use of this information by persons other than
the intended recipient is prohibited. If you've received
this in error, please contact the sender and delete
from any computer.

-----Original Message-----
From: Martin Roesch [mailto:roesch () sourcefire com] 
Sent: Thursday, February 16, 2006 10:47 AM
To: Andrew Plato
Cc: geek_brigades () yahoo com; focus-ids () securityfocus com
Subject: Re: IPS Reliability/Availability

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

So Andrew, are you saying that most of our customers routinely  
experience 75% hardware failure rates and we're somehow managing to  
cover this up or do you think this was an isolated incident?  Can you  
imagine the cost to us in in terms of overhead for our customers with  
100+ sensors if that were a true indication of the reliability of our  
gear?

BTW, our IPS appliances offer zero power fail-open NICs as well.

     -Marty

On Feb 6, 2006, at 11:04 AM, Andrew Plato wrote:


Most of these devices are pretty good for reliability. The only
exception I would make is SourceFire, which back when we sold it had
abysmal reliability (3 out of 4 boxes we sold to a customer show up  
dead
or died soon after installation).

TippingPoint sells a zero-power bypass add-on for their IPS. If the  
IPS
fails in anyway, traffic is passed through the zero-power device. Its
very easy to add. Juniper does something similar.

-----------------------------------------------
Andrew Plato, CISSP, CISM
President/Principal Consultant
Anitian Enterprise Security

-----------------------------------------------




-----Original Message-----
From: geek_brigades () yahoo com [mailto:geek_brigades () yahoo com]
Sent: Thursday, February 02, 2006 8:27 AM
To: focus-ids () securityfocus com
Subject: IPS Reliability/Availability

I am working on a big IPS project and I am very concerned about
installing an inline device in a core enterprise network, where these
devices have the potential to create big time network outages.

Can you, please, share your possible bad experiences about the
reliability of the following inline IPS products:

ISS
TippingPoint
Juniper IPS
Sourcefire
McAfee IntruShield

Have you had any issues with the availability of these devices,  
such as
fail close crashes or do you have any experience with bypass switches
that would mitigate the availability issue?

Thanks,
Mike

---------------------------------------------------------------------- 
--
Test Your IDS

Is your IDS deployed correctly?
Find out quickly and easily by testing it with real-world attacks from
CORE IMPACT.
Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus- 
ids_040708
to learn more.
---------------------------------------------------------------------- 
--
_________________________________________________
NOTICE:
This email may contain confidential information,
and is for the sole use of the intended recipient.
If you are not the intended recipient, please reply
to the message and inform the sender of the error
and delete the email and any attachments from
your computer.
_________________________________________________

---------------------------------------------------------------------- 
--
Test Your IDS

Is your IDS deployed correctly?
Find out quickly and easily by testing it
with real-world attacks from CORE IMPACT.
Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus- 
ids_040708
to learn more.
---------------------------------------------------------------------- 
--



- --
Martin Roesch - Founder/CTO, Sourcefire Inc. - +1-410-290-1616
Sourcefire - Security for the Real World - http://www.sourcefire.com
Snort: Open Source Network IDS - http://www.snort.org




-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (Darwin)

iD8DBQFD9J6Qqj0FAQQ3KOARAiElAJ96YZCSRUWJzU8hQZ2zKIsslDH6RQCfV9K1
sLDLFCtnciiLmvCYHUbPgv8=
=+eOq
-----END PGP SIGNATURE-----

------------------------------------------------------------------------
Test Your IDS

Is your IDS deployed correctly?
Find out quickly and easily by testing it 
with real-world attacks from CORE IMPACT.
Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708 
to learn more.
------------------------------------------------------------------------


------------------------------------------------------------------------
Test Your IDS

Is your IDS deployed correctly?
Find out quickly and easily by testing it 
with real-world attacks from CORE IMPACT.
Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708 
to learn more.
------------------------------------------------------------------------

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]