RE: Network IDS, or IPS, or Proxy?

From: Evans, Arian (Arian.Evans_at_fishnetsecurity.com)
Date: 08/19/03

    Date: Tue, 19 Aug 2003 10:44:13 -0500
    To: "Duston Sickler" <dustons@charter.net>
    
    

    Duston,

    #We live in a 100% Windows world and the powers that be will
    #not be receptive to any *nix solutions. We are more than willing to pay for a
    #top of the line product as long as it is in fact top of the line.

    How about *appliances*? Since almost all security appliances
    are 1U Linux boxes...

    #Currently I have been looking at the Symantec Gateway Device. [...]
    #Does anyone have any comments on the Symantec Gateway device?

    I like a number of Symantec's solutions. That said, the Gateway device
    is:
    (1) Slow as dirt (it's got Raptor on it; what do you expect?)
    (2) Not much of a NIDS (with roughly 80 signatures)
    (ref: http://enterprisesecurity.symantec.com/content/displaypdf.cfm?PDFID=248)

    If you want NIDS, get a NIDS. If you want IPS, which is what it
    sounds like you want, check out Netscreen's IPS appliance. I
    think it's the cheapest worthwhile IPS on the market.

    I also highly recommend checking out ISS's Proventia appliances
    if you want a NIDS. If you want IPS, look at what ISS has coming
    down the pipe with the next two Proventia models.

    Both NAI's Intruvert and Tipping Point look very cool (for IPS). I think
    Vicki Irwin went to Tipping Point, so you'd expect the signatures to be
    sound. (Tipping Point has been focused on the high-end Enterprise,
    but you might see if they have any smaller boxes coming out soon.)

    If you really want a firewall/proxy/virus-scanner/limited IDS, Symantec
    has the following on their site regarding this new Gateway device:

    Beta Testing:
    The Enterprise Development Alliance Program is looking for qualified
    network administrators interested in beta testing Symantec's latest
    Security Appliance. If you would like more information, or are interested,
    please fill out an online application at:

    http://survey.confirmit.com/wi/p157744978/ctl.asp
      
    I am totally guessing you really want IPS due to the fact you brought
    up that Gateway box. The subject of your email was geared towards
    NIDS and you selected a box that's not much of a NIDS at all, which
    leaves me a little confused as to what you want.

    Cheers,

    Arian Evans
    Sr. Security Engineer
    FishNet Security

    Phone: 816.421.6611
    Toll Free: 888.732.9406
    Fax: 816.421.6677

    http://www.fishnetsecurity.com

    note: Text email is not Office XP friendly. Turn off the "remove
    extra line breaks" located at |Tools|Options|Email Options if
    it formats incorrectly. Why break text-based email by default?
    Ask Microsoft.


