|
IDS
mailing list archives
Re: RE: IPS - Cisco vs. McAfee vs. Tippingpoint - Tried Arbor and Top Layer?
From: jfarley () hush com
Date: 29 Jul 2009 19:15:41 -0000
Hi,
i need to protect a "realtime" website with an >inline IPS from (D)DOS attacks.
I'd keep in mind that the latest DDoS attacks are not limited to HTTP-based floods and use a variety of DDoS vectors to
bring your website down. For instance, the DDoS from the Korean botnet -
http://www.networkworld.com/news/2009/071009-korea-ddos-virus-mission-shifts.html - involved sending normal HTTP
queries asking for an index page, SYN floods, UDP floods, IP proto floods etc. So the vendor probably needs to provide
more comprehensive DDoS protection, not just HTTP flood protection.
My dream appliance would be able to run like in a 7 day learning mode which
counts max new sessions per second, max sessions per client aso. After this 7
days it creates a filter with +x% of the learned values and sets these limits
active.
I believe either Arbor Peakflow or Top Layer IPS 5500 do what you described and much more for DDoS. In our experience,
Arbor is a little better at botnet protection and Top Layer is at DDoS and file-based attack protection. Both have
pretty comprehensive security protection as well - MS vulnerabilities, attachments etc. Cisco and ISS are good, too,
but not as flexible when it comes to DDoS analysis and support.
-JF
-----------------------------------------------------------------
Securing Your Online Data Transfer with SSL.
A guide to understanding SSL certificates, how they operate and their application. By making use of an SSL certificate
on your web server, you can securely collect sensitive information online, and increase business by giving your
customers confidence that their transactions are safe.
http://www.dinclinx.com/Redirect.aspx?36;5001;25;1371;0;1;946;9a80e04e1a17f194
 By Date 
By Thread
Current thread:
- Re: RE: IPS - Cisco vs. McAfee vs. Tippingpoint - Tried Arbor and Top Layer? jfarley (Jul 29)
| 
Intro
