Security Basics mailing list archives
RE: tippingpoint IDS
From: "forums () kentane net" <forums () kentane net>
Date: Tue, 12 Jul 2005 21:08:31 +0200 (SAST)
That's one point I forgot to mention and a very valuable point indeed. False positives! Tippingpoint is excellent when it comes to this. You get very few false positives in my experience. I have deployed 10 200s and 2 1200s in my network, managed via their management console, the SMS. It's a pleasure to look after these things.

In terms of what specific boxen to deploy for your network, I can't really say. You would have to speak to your Tippingpoint sales rep; he would be able to advise on the size based on the throughput and number of segments supported by the box.

False positives are the major issue with IPSs that are based on IDS. To single one out, the Proventia device (it's the only one I have some experience with). The rest just lack management tools and are a tad bit cumbersome to manage in huge deployments. Some are just network based AV. There's a lot of hogwash out there...

-------------------------
Original Message:
From: Jason Leung <jleung () verniernetworks com>
To: forums () kentane net, roastin () yahoo com
Date: Tuesday, July 12 2005 20:35
Subject: RE: tippingpoint IDS

Ah,

Would you have any observations you can relate about TP IPS about false positives, or perhaps any pointers on how big of a box for what kind of network architecture deployment?

Thanks
Jason

-----Original Message-----
From: forums () kentane net [mailto:forums () kentane net]
Sent: Tuesday, July 12, 2005 1:49 AM
To: roastin () yahoo com
Cc: security-basics () securityfocus com
Subject: Re: tippingpoint IDS

First of all, Tippingpoint is an IPS, the difference you can read about here:
http://www.checkpoint.com/products/internal_security/articles/ht_ips_ids.html

I have experience on both the Tippingpoint and the ISS Proventia. The first thing that you should know is that Proventia was an outgrowth of ISS IDS, and as such is more like an inline IDS than anything. Tippingpoint was designed as an IPS from the ground up.

Tippingpoint's main plus is that it's designed for performance, while most IPSs lack terribly in this arena. To top it off, a lot of the Tippingpoint signatures are based on the actual vulnerability instead of some exploit, therefore if a network based attack's signature should change, because Tippingpoint's sig is based on the vulnerability, it should be able to catch it. This also makes it quicker for Tippingpoint to release signatures to combat against a new vulnerability even before an exploit is seen in the wild.

Also Tippingpoint is piss easy to set up. In a matter of minutes it can be up and running compared to most other IPS devices that I have played with.

Talk to your local reseller, get a Tippingpoint and play with it. You will be amazed!

-------------------------
Original Message:
From: Leon <roastin () yahoo com>
To: security-basics () securityfocus com
Date: Thursday, July 7 2005 19:49
Subject: tippingpoint IDS

Does anyone have any experience with this product? Looking to hear unbiased reviews.

Thx,
Leon
Current thread:
- tippingpoint IDS Leon (Jul 11)
- Re: tippingpoint IDS Tamarcus A Person (Jul 12)
- RE: tippingpoint IDS l1nux.fu3l (Jul 12)
- Re: tippingpoint IDS forums () kentane net (Jul 12)
- <Possible follow-ups>
- RE: tippingpoint IDS Jason Leung (Jul 13)
- RE: tippingpoint IDS forums () kentane net (Jul 13)