RE: Network IDS, or IPS, or Proxy?

From: Evans, Arian (
Date: 08/19/03

  • Next message: Golomb, Gary: "RE: Belaboring the point of FPs (haha!)"
    Date: Tue, 19 Aug 2003 10:44:13 -0500
    To: "Duston Sickler" <>


    #We live in a 100% Windows world and the powers that be will
    #not be receptive to any *nix solutions. We are more the willing to pay
    for a
    #top of the line product as long is it is in fact top of the line.

    How about *appliances*? Since almost all security appliances
    are 1U Linux boxes...

    #Currently I have been looking at the Symantec Gateway Device. [...]
    #Does anyone have any comments on the Symantec Gateway device?

    I like a number of Symantec's solutions. That said, the Gateway device
    (1) Slow as dirt (it's got Raptor on it; what do you expect?)
    (2) Not much of a NIDS (with roughly 80 signatures)

    If you want NIDS, get a NIDS. If you want IPS, which is what it
    sounds like you want, check out Netscreen's IPS appliance. I
    think it's the cheapest worthwhile IPS on the market.

    I also highly recommend checking out ISS's Proventia appliances
    if you want a NIDS. If you want IPS, look at what ISS has coming
    down the pipe with the next two Proventia models.

    Both NAI's Intruvert and Tipping Point look very cool (for IPS). I think
    Vicki Irwin went to Tipping Point, so you'd expect the signatures to be
    sound. (Tipping Point has been focused on the high-end Enterprise,
    but you might see if they have any smaller boxes coming out soon.)

    If you really want a firewall/proxy/virus-scanner/limited IDS, Symantec
    has the following on their site regarding this new Gateway device:

    Beta Testing:
    The Enterprise Development Alliance Program is looking for qualified
    network administrators interested in beta testing Symantec's latest
    Security Appliance. If you would like more information, or are
    please fill out an online application at:
    I am totally guessing you really want IPS due to the fact you brought
    up that Gateway box. The subject of your email was geared towards
    NIDS and you selected a box that's not much of a NIDS at all, which
    leaves me a little confused as to what you want.


    Arian Evans
    Sr. Security Engineer
    FishNet Security

    Phone: 816.421.6611
    Toll Free: 888.732.9406
    Fax: 816.421.6677

    note: Text email is not Office XP friendly. Turn off the "remove
    extra line breaks" located at |Tools|Options|Email Options if
    it formats incorrectly. Why break text-based email by default?
    Ask Microsoft.

    The information transmitted in this e-mail is intended only for the addressee and may contain confidential and/or privileged material.
    Any interception, review, retransmission, dissemination, or other use of, or taking of any action upon this information by persons or entities
    other than the intended recipient is prohibited by law and may subject them to criminal or civil liability. If you received this communication
    in error, please contact us immediately at 816.421.6611, and delete the communication from any computer or network system.

    Attend Black Hat Briefings & Training Federal, September 29-30 (Training), October 1-2 (Briefings) in Tysons Corner, VA; the worldÂ’s premier
    technical IT security event. Modeled after the famous Black Hat event in
    Las Vegas! 6 tracks, 12 training sessions, top speakers and sponsors.
    Symanetc is the Diamond sponsor. Early-bird registration ends September 6 Visit:

  • Next message: Golomb, Gary: "RE: Belaboring the point of FPs (haha!)"

    Relevant Pages

    • Re: IDS vs. IPS deployment feedback
      ... an enterprise network and its security? ... I manage information security for an organization of 3500 employees;-). ... You have to size your IPS accordingly. ... enterprise networks are complex and have limited resources to handle ...
    • RE: adding another defence layer against viruses/worms
      ... Internal auditor - Information security ... which heuristic IPS would you suggest for this task? ... Securing Apache Web Server with thawte Digital Certificate ...
    • RE: IDSIPS that can handle one Gig
      ... the need for IPS ... I hear this every now and then from security people, ... I have yet to see an environment (and I am a consultant so I see ... single Microsoft Windows patch. ...
    • [Suspected Spam]RE: Re: I love the smell of whining in the morning...
      ... security conferences we see nowadays. ... what is the big deal if one of the IPS players got bad results? ... Securing Your Online Data Transfer with SSL. ... A guide to understanding SSL certificates, ...
    • RE: NIPS Vendors explicit answer
      ... >> has been pointing out that the real measure of security is how ... When there's an IPS ... > security community is starting to slap patches and products ... we're still reacting to viruses like we did ...