IDS mailing list archives

Intruvert 4000.


From: Steve Paine <steve () hiblue com>
Date: Tue, 27 Jan 2004 10:16:53 +0100

By way of an introduction, and using the 'give before you get' principle, I
thought I'd drop a few lines about our recent purchase of the Intruvert 4000
from Network Associates.

We chose the Intruvert 4000 over a number of other devices due to its ability
to handle asymmetric traffic in a load-balancing scenario. We have 2 x 1GB
connections going through this device.

We've had it for three weeks now and have been, let's say, 'playing.'

Things I like:
Ease of setup. The device must be operated via a separate management machine
and after this has been installed, the device can be put into action as an 
IDS device very quickly with the standard profiles.
As an active device, things are obviously more tricky. DDOS protection and 
learning profiles caused us some problems for a while as it was very 
difficult to see what the device had learnt and what it was blocking. As we 
go further with testing, this part of the device is becoming clearer.
We haven't done any throughput or delay tests and I guess we won't do much in
this area. Our traffic loads aren't that high that we need to worry about 
device overloading at this stage.

Things I don't like:
The management interface is s-l-o-w. Despite having a P4 2.4 running with 1GB 
memory, the java-based management application is too fat for its job. It  
needs a lot of optimisation. Mouse clicks are taking three seconds to respond 
which is a real pain when you have to go through 4 mouse clicks to get where 
you want to go. 

Things I want to know more about:
Writing signatures and sharing signatures. I will also need to find out if I 
can use some standard format for locally written signatures. (Snort
standard?)

Anyway, things are looking good right now. We deploy in a couple of months so I
guess I'll have a few more things to say before then.

If anyone else is using Intruvert at all, let me know. 

Regards

Steve

