IDS mailing list archives
RE: Network hardware IPS
From: "Davis, Scott L" <Scott.Davis () NAV-INTERNATIONAL com>
Date: Tue, 30 Sep 2003 11:22:32 -0500
Anybody have any experience or feedback on the IntruShield product, especially since being acquired by NAI? They gave my company a sales pitch yesterday. They claim a "92% reduction in false positives". Of course the sales guy could not tell me what that was a reduction of, whether over their own previous products or a specific manufacturer, what type of environment etc. He did throw Greg's name and Neohapsis around quite a bit, to the point of quoting Greg as thinking the IntruShield 4000 is the best inline product in their market space.

So any feedback, especially anything Mr. Shipley may feel comfortable adding, would be greatly appreciated.

Scott

-----Original Message-----
From: Nimesh Vakharia [mailto:nvakhari () mil sunysb edu]
Sent: Monday, September 29, 2003 10:49 PM
To: virus () securitywizardry com; alvin.wong () b2b com my; focus-ids () securityfocus com
Subject: RE: Network hardware IPS

Ah you missed ipEnforcer from iPolicy Networks. It sits inline (supports offline as well) and is purpose built with network processors (100Mbps-5Gbps, FE, GE, OC-48). Ability to stop attacks in real time (more creative ways than fw hardening which we feel should not be a front-line defense mechanism used by an IPS) and also has DDoS detection and mitigation (active prevention) abilities. In addition the ipEnforcer supports other applications like FW, VPN, URL Screening, Surveillance etc. at those speeds.

For more information see our website at ipolicynet.com

If anyone is interested, we can talk offline as well. (In case it was not clear, I work for iPolicy Networks)

thanks,
Nimesh.

-----Original Message-----
From: Andy Cuff [Talisker]
Sent: Monday, September 29, 2003 11:00 AM
To: Alvin Wong; focus-ids () securityfocus com
Subject: Re: Network hardware IPS

Hi Alvin,

You may want to check out the salient details I collated for all the IPS (Inline IDS) some time ago.

As far as I know it's still current though they seem a little thin on the ground

Hogwash - Is this still current?
Inline_Snort - Not sure if I found the official Home page
Intrushield
OneSecure - The site seems to be down (bites tongue about IPS)
RealSecure Guard - First one I played with
UnityOne
BorderGuard

I'm hoping some of the spotters or even Vendors (I'm not proud) can highlight some that I'm missing. If you hear of any please let me know!

take care
-andy
Talisker Security Tools Directory

----- Original Message -----
From: "Alvin Wong" <alvin.wong () b2b com my>
To: <focus-ids () securityfocus com>
Sent: Monday, September 29, 2003 9:30 AM
Subject: Network hardware IPS

Hi,

I'm interested to find out if anyone can share their experiences or recommend a network hardware IPS that is deployed in front of the gateway which is able to detect attack signatures and at the same time, actively blocking out these attacks, alerting me in the process.

This would be different from a passive IDS which depends on correlating the logs every time an alert pops up. An ideal solution would be to be able to detect the patterns and prevent them automatically, can a network IPS do this?

I understand that it is possible in some IDS to do a TCP reset after one had confirmed that the connection is not acceptable, can anyone explain whether an IDS that can do this be actually "active" as opposed to passive?

It would also be interesting if there could be some amount of trend analysis built in which can review the destination/source ip traffic over time, which can be used to identify particular boxes which are easily targeted, which would mean that more work needs to be done for that box.

Regards,
Alvin