Re: Network hardware IPS

From: Andy Cuff [Talisker] (lists_at_securitywizardry.com)
Date: 09/29/03

    To: "Alvin Wong" <alvin.wong@b2b.com.my>, <focus-ids@securityfocus.com>
    Date: Mon, 29 Sep 2003 19:00:02 +0100
    
    

    Hi Alvin,
    You may want to check out the salient details I collated for all the IPS
    (Inline IDS) some time ago. As far as I know it's still current, though they
    seem a little thin on the ground.
    http://www.networkintrusion.co.uk/inline.htm

    Hogwash - Is this still current?
    Inline_Snort - Not sure if I found the official Home page
    Intrushield
    OneSecure - The site seems to be down (bites tongue about IPS)
    RealSecure Guard - First one I played with
    UnityOne
    BorderGuard

    I'm hoping some of the spotters or even Vendors (I'm not proud) can
    highlight some that I'm missing. If you hear of any please let me know!
    take care
    -andy
    Talisker Security Tools Directory
    http://www.securitywizardry.com
    ----- Original Message -----
    From: "Alvin Wong" <alvin.wong@b2b.com.my>
    To: <focus-ids@securityfocus.com>
    Sent: Monday, September 29, 2003 9:30 AM
    Subject: Network hardware IPS

    > Hi,
    >
    > I'm interested to find out if anyone can share their experiences or
    > recommend a network hardware IPS that is deployed in front of the
    > gateway which is able to detect attack signatures and at the same time,
    > actively blocking out these attacks, alerting me in the process.
    >
    > This would be different from a passive IDS which depends on correlating
    > the logs every time an alert pops up. An ideal solution would be to be
    > able to detect the patterns and prevent them automatically, can a
    > network IPS do this?
    >
    > I understand that it is possible in some IDS to do a TCP reset after one
    > had confirmed that the connection is not acceptable, can anyone explain
    > whether an IDS that can do this be actually "active" as opposed to
    > passive?
    >
    > It would also be interesting if there could be some amount of trend
    > analysis built in which can review the destination/source ip traffic
    > over time, which can be used to identify particular boxes which are
    > easily targeted, which would mean that more work needs to be done for
    > that box.
    >
    > Regards,
    > Alvin

