IDS mailing list archives
Re: Intrusion Prevention
From: Randy Taylor <gnu () charm net>
Date: Mon, 23 Dec 2002 23:02:16 -0500
Thanks Dave and Steve. That info is just what I needed and right on time.

I will be beginning evals of IntruVert soon, with NetScreen IDP to follow. For functionality ("speeds and feeds") criteria, I am relying heavily on OSEC, because the Neohapsis crew knows their stuff and nothing is hidden - all the details are there in the criteria. IntruVert has been through OSEC - I haven't seen a date for NetScreen set yet, so I'll be holding off their eval until they've been through that process.

I'm looking at IntruVert for my project's Gig pipes, and NetScreen's IDP for the sub-Gig pipes. I can't justify IntruVert's cost for anything under Gig speeds yet.

Beyond that, I am looking for feedback on "human factors" issues, such as scalability (ok that's a cross between technical and human), manageability, ease-of-use, forensics capability, sensor/analyst ratios, etc. for both IntruVert and NetScreen IDP.

Folks out there using either of these products, please feel free to email me directly with your experiences with them in the real work world. I'd really appreciate your input.

Best regards and happy holidays to all,

Randy

-----
"Go ahead and quit. We'll just hire dumber people to replace you."
-- Demetri Fanourgiakis, Security VP, Enterasys Networks, Summer 2002.
Yeah, this is the guy that replaced Ron Gula. You may now boggle.
---

At 12:52 PM 12/23/2002 -0700, Dave Mitchell wrote:
I personally recommend the Netscreen IDP. It uses flow based packet inspection, can ride in-line or in sniffer, and has a realtime Java GUI for Windows or Linux. Policy options include the ability to allow, discard, TCP RST client, TCP RST server, or both. The 2.0 code allows for in-line with spanning tree and can also use VRRP. They are reliable, easy to install, and best of all, easy to manage. I was able to push near ~450mb/s at the IDP 500.

-dave

On Mon, Dec 23, 2002 at 11:52:08AM -0600, Carey, Steve T GARRISON wrote:
> We are currently testing it. It is pretty impressive. Gives you the capability
> to either look at just the packet that caused the alert, or the alert packet and
> five subsequent packets, or entire flow (which gives you the traffic from the
> source and the destination). Currently the best commercial product we have
> looked at.
>
> Steven T. Carey
> LCIRT-R Team Leader
> Comm (256) 876-5811
> Cell (256) 947-0225
>
>
> -----Original Message-----
> From: Johnny Kho [mailto:johnnyk () mailhost net]
> Sent: Sunday, December 22, 2002 10:14 PM
> To: Johnny Kho
> Cc: focus-ids () securityfocus com
> Subject: Intrusion Prevention
>
>
> Hi.
>
> Anyone have tested Intruvert Network IPS? It is pretty impressive from the
> NSS test results...
>
> www.intruvert.com
>
> Merry Christmas and Holiday Cheers to all..
>
> Johnny