IDS mailing list archives

RE: Network hardware IPS


From: "JAVIER OTERO" <jotero () SMARTEKH com>
Date: Mon, 29 Sep 2003 15:18:21 -0500

I have worked some with NetScreen IDP. They have a nice interface, easy, with menus to select the tests for the packages (if you 
do not have Unix you can select not to test for Unix attacks). The honeypot is somewhat tricky, but after some time it works and 
is useful. I installed it in transparent mode (bridge), monitored the traffic (like an IDS) and then started the real policies; they have 
a set of predefined rules that helps in the initial phase.

It is very important to define the IDP size well. As it is inline, the rules must be very well defined; remember that packets 
are dropped, like a firewall.

The appliance is a DELL server with a Linux-type OS, failure resistance, SCSI drive, one or two processors, no 
keyboard, no display, not cheap, and you cannot add any hardware, but it works well and I think it justifies the price.

For the IDS I prefer SNORT to other commercial products.

Sorry for the mistakes.

Ing. Fco. Javier Otero De Alba 
Diploma in Information Security, ITESM CEM 
Grupo Smartekh 
Antivirus Expertos 
Business Continuity 
Inftegrity 
5243-4782 al 84 Ext.300
México, D.F. 



-----Original Message-----
From: travis.alexander () lacamas org [mailto:travis.alexander () lacamas org]
Sent: Monday, 29 September 2003 02:56 p.m.
To: JAVIER OTERO; alvin.wong () b2b com my; focus-ids () securityfocus com
Subject: RE: Network hardware IPS


Has anyone had any personal experience with the NetScreen IDP products? Does
it live up to the hype that is stated on their website? Does it truly work the
way they say? Thanks in advance for replies.

Travis Alexander
Network Administrator
Lacamas Community Credit Union
360-834-3611
http://www.lacamas.org

-----Original Message-----
From: JAVIER OTERO [mailto:jotero () SMARTEKH com]
Sent: Monday, September 29, 2003 9:02 AM
To: Alvin Wong; focus-ids () securityfocus com
Subject: RE: Network hardware IPS


Netscreen IDP is a good product; it uses 8 mechanisms to detect, has 3 models
(small, medium and large), and 3 active modes plus 1 passive (like IDS).

Ing. Fco. Javier Otero De Alba 
Diploma in Information Security, ITESM CEM 
Grupo Smartekh 
Antivirus Expertos 
Business Continuity 
Inftegrity 
5243-4782 al 84 Ext.300
México, D.F. 



-----Original Message-----
From: Alvin Wong [mailto:alvin.wong () b2b com my]
Sent: Monday, 29 September 2003 03:31 a.m.
To: focus-ids () securityfocus com
Subject: Network hardware IPS


Hi,

I'm interested to find out if anyone can share their experiences or
recommend a network hardware IPS that is deployed in front of the
gateway which is able to detect attack signatures and at the same time,
actively blocking out these attacks, alerting me in the process. 

This would be different from a passive IDS which depends on correlating
the logs every time an alert pops up. An ideal solution would be to be
able to detect the patterns and prevent them automatically, can a
network IPS do this?

I understand that it is possible in some IDS to do a TCP reset after one
has confirmed that the connection is not acceptable. Can anyone explain
whether an IDS that can do this would actually be "active" as opposed to
passive?

It would also be interesting if there could be some amount of trend
analysis built in which can review the destination/source ip traffic
over time, which can be used to identify particular boxes which are
easily targeted, which would mean that more work needs to be done for
that box.

Regards,
Alvin
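Two of the points raised in this thread lend themselves to a small worked example: Javier's advice to run the IDP in monitor mode first and define rules carefully before going inline (because an inline device drops packets like a firewall), and Alvin's wish for trend analysis that identifies hosts which are repeatedly targeted. The script below is an added illustration written for this archive page; it is not code from the thread, from NetScreen or from Snort. The alert records, the rule IDs, the addresses and the `policy` dictionary are all constructed for the example, and the assumption that the internal network is `192.0.2.0/24` is a placeholder.

```python
from collections import Counter, defaultdict
from datetime import datetime

# Constructed sample alerts as an IDS in monitor (alert-only) mode might log
# them: timestamp|rule id|message|source|destination. Not real traffic.
SAMPLE_ALERTS = """\
2003-09-22T10:15:00|1001|MS-SQL Slammer probe|198.51.100.7|192.0.2.10
2003-09-22T11:02:00|1002|HTTP long URI|198.51.100.9|192.0.2.10
2003-09-23T09:40:00|1001|MS-SQL Slammer probe|203.0.113.4|192.0.2.10
2003-09-23T14:05:00|1003|ICMP large packet|192.0.2.30|192.0.2.11
2003-09-24T08:12:00|1002|HTTP long URI|198.51.100.9|192.0.2.10
2003-09-24T16:30:00|1003|ICMP large packet|192.0.2.31|192.0.2.11
2003-09-25T07:55:00|1001|MS-SQL Slammer probe|203.0.113.4|192.0.2.12
2003-09-25T12:20:00|1003|ICMP large packet|192.0.2.30|192.0.2.11
"""


def parse_alerts(text):
    """Turn the pipe-separated alert lines into dictionaries."""
    alerts = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, sid, msg, src, dst = line.split("|")
        alerts.append({"time": datetime.fromisoformat(ts), "sid": int(sid),
                       "msg": msg, "src": src, "dst": dst})
    return alerts


def targeted_hosts(alerts, min_days=2):
    """Trend analysis over destination addresses (Alvin's question): report
    hosts that draw alerts on at least `min_days` distinct days, with the
    alert count and the number of distinct sources aiming at them. A host that
    keeps showing up here is the one that needs more hardening work."""
    days = defaultdict(set)
    sources = defaultdict(set)
    total = Counter()
    for a in alerts:
        days[a["dst"]].add(a["time"].date())
        sources[a["dst"]].add(a["src"])
        total[a["dst"]] += 1
    return {dst: {"alerts": total[dst], "days": len(days[dst]),
                  "sources": len(sources[dst])}
            for dst in total if len(days[dst]) >= min_days}


def dry_run_policy(alerts, policy, internal_prefix="192.0.2."):
    """Evaluate a proposed inline policy against alerts gathered in monitor
    mode (Javier's advice) before any rule is switched to drop. For each rule
    set to 'drop', count how many observed alerts it would have dropped and
    list internal sources it would have hit: a drop rule that matches traffic
    from inside hosts deserves a second look before going inline.
    `internal_prefix` is a placeholder for the local address range."""
    report = {}
    for a in alerts:
        if policy.get(a["sid"], "alert") != "drop":
            continue
        r = report.setdefault(a["sid"], {"msg": a["msg"], "would_drop": 0,
                                         "internal_sources": set()})
        r["would_drop"] += 1
        if a["src"].startswith(internal_prefix):
            r["internal_sources"].add(a["src"])
    for r in report.values():
        r["internal_sources"] = sorted(r["internal_sources"])
    return report


if __name__ == "__main__":
    alerts = parse_alerts(SAMPLE_ALERTS)
    # Constructed candidate policy: rule id -> action ("alert" or "drop").
    policy = {1001: "drop", 1003: "drop"}
    for dst, info in targeted_hosts(alerts).items():
        print(f"{dst}: {info['alerts']} alerts over {info['days']} days "
              f"from {info['sources']} sources")
    for sid, info in dry_run_policy(alerts, policy).items():
        print(f"rule {sid} ({info['msg']}): would drop {info['would_drop']} "
              f"flows; internal sources hit: {info['internal_sources']}")
```

On the constructed data, `192.0.2.10` is flagged as targeted on three separate days by three different sources, while the dry run shows that the "ICMP large packet" drop rule would only ever have hit internal hosts, which is exactly the kind of rule to tighten before the device is placed inline.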



---------------------------------------------------------------------------
Captus Networks IPS 4000
Intrusion Prevention and Traffic Shaping Technology to: 
 - Instantly Stop DoS/DDoS Attacks, Worms & Port Scans
 - Automatically Control P2P, IM and Spam Traffic
 - Precisely Define and Implement Network Security & Performance Policies
FREE Vulnerability Assessment Toolkit - WhitePapers - Live Demo 
http://www.securityfocus.com/sponsor/CaptusNetworks_focus-ids_000101
---------------------------------------------------------------------------

