Re: Proventia G400

From: FinAckSyn (finacksyn_at_yahoo.co.uk)
Date: 10/27/05

  • Next message: tcp fin: "RPC Evasion techniques"
    Date: Thu, 27 Oct 2005 09:08:55 +0100 (BST)
    To: Valter Santos <vsantola@sectoid.com>, focus-ids@securityfocus.com
    
    

    Hi Valter,

    We are currently evaluating IPS vendors in order to
    make an informed choice about which is going to be
    best for our customers (we are a security
    consultancy/reseller).

    Unfortunately, ISS Proventia was one of the first to
    drop off the list. It's one of those that fell into
    our category of inline-IDS. Heavily signature
    reliant, PC-based, doesn't run standalone (needs
    external management), plus the requirement of an
    external unit to enable resiliency in case of
    Proventia hw/sw failure made the overall solution
    quite bulky. Even more so for a single-box
    deployment.

    Throughput of 400Mpbs seemed reasonable, but if you're
    going to include Gb ports on a device, in our opinion,
    that device should be able to handle a full Gb. It
    didn't handle 400Mbps of small packets very well,
    either, so you would need a separate DDOS device (ISS
    don't supply these) if true enterprise perimeter or
    hosting protection is required.

    SiteProtector software is excellent - one of the best.
     But you need to see through this and work out whether
    or not the device offers the protection you need,
    rather than choose a product based on appearance. The
    reports are also pretty nifty too.
    If we had to choose a product based on policy
    management and reporting, ISS would come pretty close
    to the top of the list.

    Digging deeper, we also looked for independent test
    results. We referred to www.nss.co.uk, whom offer the
    most thorough tests on the market. No sign of ISS,
    except in the old IPS Edition 1 test (non-current).

    We did hear on the grapevine that ISS (and Check
    Point, for that matter), both submitted their products
    for Edition 2 and 3 testing, but nothing came out of
    the other end. We can only assume that they declined
    to have their results published.

    Our thoughts? It's not really a true IPS. Next.

    Regards,

    Matt

    --- Valter Santos <vsantola@sectoid.com> wrote:

    > -----BEGIN PGP SIGNED MESSAGE-----
    > Hash: SHA1
    >
    > Hi there,
    >
    > anyone out there is using ISS Proventia G400 series,
    > and is willing to
    > share some thoughts ?
    >
    > thanx
    > /valter
    > -----BEGIN PGP SIGNATURE-----
    > Version: GnuPG v1.4.0 (GNU/Linux)
    >
    >
    iD8DBQFDXLlgR7pJvOKksgYRApuSAJ0XEwPrGGTmj73XPsUzA8/Yjv3PkACg0SJG
    > gpFJyahq23YI88HmK/29xFQ=
    > =tb4B
    > -----END PGP SIGNATURE-----
    >
    >
    ------------------------------------------------------------------------
    > Test Your IDS
    >
    > Is your IDS deployed correctly?
    > Find out quickly and easily by testing it
    > with real-world attacks from CORE IMPACT.
    > Go to
    >
    http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708
    >
    > to learn more.
    >
    ------------------------------------------------------------------------
    >
    >

                    
    ___________________________________________________________
    To help you stay safe and secure online, we've developed the all new Yahoo! Security Centre. http://uk.security.yahoo.com

    ------------------------------------------------------------------------
    Test Your IDS

    Is your IDS deployed correctly?
    Find out quickly and easily by testing it
    with real-world attacks from CORE IMPACT.
    Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708
    to learn more.
    ------------------------------------------------------------------------


  • Next message: tcp fin: "RPC Evasion techniques"

    Relevant Pages