IDS: Re: IPS - Cisco vs. McAfee vs. Tippingpoint

[Hurgel Bumpf <l0rd_lunatic () yahoo com>]

Hi Gary,


thank you for your valuable input.

indeed my main focus is on protecting our systems from (D)DOS attacks. I start to like the peakflow product more and 
more.

Thank you all for pointing that out!

Andre

--- Gary Halleen <ghalleen () cisco com> schrieb am Mi, 29.7.2009:

> Von: Gary Halleen <ghalleen () cisco com>
> Betreff: Re: IPS - Cisco vs. McAfee vs. Tippingpoint
> An: "Hurgel Bumpf" <l0rd_lunatic () yahoo com>, focus-ids () securityfocus com
> Datum: Mittwoch, 29. Juli 2009, 15:07
> Hurgel,
>
> While I think you'll be happy with the features and
> performance of Cisco's
> IPS (especially if you are using 7.0 software, which comes
> with Reputation
> Filtering and Global Correlation capabilities), you should
> keep in mind that
> an IPS is not always the best solution for DDoS
> protection.
>
> Depending on the type and severity of the DDoS attack, the
> IPS may provide
> what you are looking for, especially if you configure it to
> block or
> rate-limit on an upstream device, like a router, switch, or
> firewall.
>
> You may also want to take a look at Arbor's Peakflow
> products, as well as
> Cisco's Guard/Detector products.  Both of these are
> designed with DDoS
> protection as primary features.  They also are
> typically deployed both at
> the customer's site, as well as upstream, so that DDoS
> traffic is never
> eating up your bandwidth to the Internet once an attack is
> detected.
>
> Gary
>
>
>
> On 7/29/09 5:25 AM, "Hurgel Bumpf" <l0rd_lunatic () yahoo com>
> wrote:
>
> > Hi List,
> >
> > i need to protect a "realtime" website with an inline
> IPS from (D)DOS attacks.
> > I had some bad experience with Tippingpoint UnityOne
> 2400 field test. The
> > device dropped to much sessions until all connectivity
> was lost.
> > After that no investigation was not possible as TP
> logs all attack information
> > with IP address 0.0.0.0
> >
> > The vendor excused this with the layered technology
> and passing the IP address
> > from the hardware to the logger would lead to delayed
> packages)
> > This is unacceptable.
> >
> > i'm now looking forward to test a Cisco IPS 4270-20
> and a McAfee Network
> > Security 4050 appliance.
> >
> > Who has a good/bad experience with that devices? Is it
> true that all devices
> > don't log ip adresses?
> >
> > My dream appliance would be able to run like in a 7
> day learning mode which
> > counts max new sessions per second, max sessions per
> client aso. After this 7
> > days it creates a filter with +x% of the learned
> values and sets these limits
> > active.
> >
> > A big problem is that i have to install it into the
> productive system to get
> > the real values. I dont have any fixed values
> regarding the new sessions per
> > second and i cant just guess and set values and render
> the system offline.
> > All information is highly appreciated!
> >
> > Thank you very much for your time,
> >
> > Andre
> -----------------------------------------------------------------
> > Securing Your Online Data Transfer with SSL.
> > A guide to understanding SSL certificates, how they
> operate and their
> > application. By making use of an SSL certificate on
> your web server, you can
> > securely collect sensitive information online, and
> increase business by giving
> > your customers confidence that their transactions are
> safe.
> > http://www.dinclinx.com/Redirect.aspx?36;5001;25;1371;0;1;946;9a80e04e1a17f194

    

-----------------------------------------------------------------
Securing Your Online Data Transfer with SSL.
A guide to understanding SSL certificates, how they operate and their application. By making use of an SSL certificate 
on your web server, you can securely collect sensitive information online, and increase business by giving your 
customers confidence that their transactions are safe.
http://www.dinclinx.com/Redirect.aspx?36;5001;25;1371;0;1;946;9a80e04e1a17f194