We evaluated several products and found the best overall product to be NAI's
IntruShield. This used to be Intruvert. It has the ability to create
policies down to the specific IP address level. It is also very easy to use
and "train" to your network. I have three of the 2600 appliances in our
network. Great product!
>From: "Andy Cuff [Talisker]" <lists_at_securitywizardry.com>
>Reply-To: "Andy Cuff [Talisker]" <virus_at_securitywizardry.com>
>To: "Alvin Wong" <alvin.wong_at_b2b.com.my>,<focus-ids_at_securityfocus.com>
>Subject: Re: Network hardware IPS
>Date: Mon, 29 Sep 2003 19:00:02 +0100
>
>Hi Alvin,
>You may want to check out the salient details I collated for all the IPS
>(Inline IDS) some time ago. As far as I know it's still current though they
>seem a little thin on the ground
>http://www.networkintrusion.co.uk/inline.htm
>
>Hogwash - Is this still current?
>Inline_Snort - Not sure if I found the official Home page
>Intrushield
>OneSecure - The site seems to be down (bites tongue about IPS)
>RealSecure Guard - First one I played with
>UnityOne
>BorderGuard
>
>I'm hoping some of the spotters or even Vendors (I'm not proud) can
>highlight some that I'm missing. If you hear of any please let me know!
>take care
>-andy
>Talisker Security Tools Directory
>http://www.securitywizardry.com
>----- Original Message -----
>From: "Alvin Wong" <alvin.wong_at_b2b.com.my>
>To: <focus-ids_at_securityfocus.com>
>Sent: Monday, September 29, 2003 9:30 AM
>Subject: Network hardware IPS
>
>
> > Hi,
> >
> > I'm interested to find out if anyone can share their experiences or
> > recommend a network hardware IPS that is deployed in front of the
> > gateway which is able to detect attack signatures and at the same time,
> > actively blocking out these attacks, alerting me in the process.
> >
> > This would be different from a passive IDS which depends on correlating
> > the logs every time an alert pops up. An ideal solution would be to be
> > able to detect the patterns and prevent them automatically, can a
> > network IPS do this?
> >
> > I understand that it is possible in some IDS to do a TCP reset after one
> > had confirmed that the connection is not acceptable, can anyone explain
> > whether an IDS that can do this be actually "active" as opposed to
> > passive?
> >
> > It would also be interesting if there could be some amount of trend
> > analysis built in which can review the destination/source ip traffic
> > over time, which can be used to identify particular boxes which are
> > easily targeted, which would mean that more work needs to be done for
> > that box.
> >
> > Regards,
> > Alvin
Received on Oct 02 2003