Symantec Gateway Security
From: Dante Mercurio (dmercurio@ccgsecurity.com)
Date: 06/19/02
Date: Wed, 19 Jun 2002 12:02:42 -0400
From: "Dante Mercurio" <dmercurio@ccgsecurity.com>
To: <focus-ids@securityfocus.com>
I have a customer interested in this device because of its
all-encompassing border security features, including IDS. I have never
installed one of these so this information is hearsay from a Symantec
engineer. According to him, the IDS on this device has about 80
signatures, and they can directly change security policy by adding
blocked IPs to the device. Either the rules are on, or off. In
addition, there is no way to add exceptions to this (like root DNS), and
no way to edit the block time. It would appear that a DoS on this system
would be very easy with forged packets once you know what signatures
it's using. In addition, the signatures are updated with their Live
Update subscription. Anyone know if this means the signatures pushed
down are automatically enabled?
Anyone have any further info on this device? Should I steer my customer
away from it?
M. Dante Mercurio, CCNA, MCSE+I, CCSA
dmercurio@ccgsecurity.com
Consulting Group Manager
Continental Consulting Group, LLC
www.ccgsecurity.com
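The two controls the message says are missing, an exception list and a bounded block time, sketched as an added example; it is not part of the original post and not Symantec's code. The class, the function names, the addresses (documentation ranges) and the 300-second value are all constructed assumptions.

```python
import ipaddress

# Assumed policy values (hypothetical; the post says the device exposes neither).
NEVER_BLOCK = [ipaddress.ip_network(n) for n in ("192.0.2.53/32", "198.51.100.0/28")]
BLOCK_SECONDS = 300

class BlockTable:
    """Auto-block list with an exception list and a fixed expiry."""

    def __init__(self, never_block=NEVER_BLOCK, ttl=BLOCK_SECONDS):
        self.never_block = list(never_block)
        self.ttl = ttl
        self.expires = {}   # source IP -> time at which the block lapses
        self.skipped = []   # alerts that hit an exception, kept for review

    def on_alert(self, now, src, signature):
        """Handle one IDS alert; return True if src was (re)blocked."""
        addr = ipaddress.ip_address(src)
        if any(addr in net for net in self.never_block):
            # A packet's source address can be forged, so an alert alone
            # must never cut off a dependency such as a DNS resolver.
            self.skipped.append((now, src, signature))
            return False
        self.expires[src] = now + self.ttl
        return True

    def is_blocked(self, now, src):
        """True while an unexpired block exists for src."""
        until = self.expires.get(src)
        if until is None or now >= until:
            self.expires.pop(src, None)  # drop a lapsed entry
            return False
        return True

# Constructed alerts: (time in seconds, claimed source IP, signature name).
ALERTS = [
    (0, "203.0.113.7", "sig-A"),
    (5, "192.0.2.53", "sig-A"),      # claims to be the protected resolver
    (9, "198.51.100.3", "sig-B"),    # claims to be inside the excepted range
]

def replay(alerts=ALERTS):
    """Feed the constructed alerts through a fresh table and return it."""
    table = BlockTable()
    for now, src, sig in alerts:
        table.on_alert(now, src, sig)
    return table
```

Alerts that match an exception are recorded rather than dropped silently, so an analyst can still see that a protected address was named in a signature hit.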