Re: Proventia G400

• Previous message: Dave Aitel: "Re: RPC Evasion techniques"
• In reply to: FinAckSyn: "Re: Proventia G400"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Date: Fri, 28 Oct 2005 16:29:19 +0800
To: FinAckSyn <finacksyn@yahoo.co.uk>

I also did some extensive evaluation of various IPS sometimes ago.I
remember that the same points were told to me by one of the competitors
of Proventia, but later I found most of them are mud slinging type
facts. I recall from my experience that:

#1: Proventia G400 has a standalone Local Management Interface. It
doesn't require a SiteProtector to manage and is optional.
#2: The by-pass feature which is passing the traffic fail-open in case
of IPS appliance failure, is built-in for Copper interfaces. For fibre
interfaces, it is external. FYI, some IPS vendors do not have this
feature at all.
#3: It is not purely signature reliant.

Regarding NSS reports, only the vendor can explain.

FinAckSyn wrote:

>Hi Valter,
>
>We are currently evaluating IPS vendors in order to
>make an informed choice about which is going to be
>best for our customers (we are a security
>consultancy/reseller).
>
>Unfortunately, ISS Proventia was one of the first to
>drop off the list. It's one of those that fell into
>our category of inline-IDS. Heavily signature
>reliant, PC-based, doesn't run standalone (needs
>external management), plus the requirement of an
>external unit to enable resiliency in case of
>Proventia hw/sw failure made the overall solution
>quite bulky. Even more so for a single-box
>deployment.
>
>Throughput of 400Mpbs seemed reasonable, but if you're
>going to include Gb ports on a device, in our opinion,
>that device should be able to handle a full Gb. It
>didn't handle 400Mbps of small packets very well,
>either, so you would need a separate DDOS device (ISS
>don't supply these) if true enterprise perimeter or
>hosting protection is required.
>
>SiteProtector software is excellent - one of the best.
> But you need to see through this and work out whether
>or not the device offers the protection you need,
>rather than choose a product based on appearance. The
>reports are also pretty nifty too.
>If we had to choose a product based on policy
>management and reporting, ISS would come pretty close
>to the top of the list.
>
>Digging deeper, we also looked for independent test
>results. We referred to www.nss.co.uk, whom offer the
>most thorough tests on the market. No sign of ISS,
>except in the old IPS Edition 1 test (non-current).
>
>We did hear on the grapevine that ISS (and Check
>Point, for that matter), both submitted their products
>for Edition 2 and 3 testing, but nothing came out of
>the other end. We can only assume that they declined
>to have their results published.
>
>Our thoughts? It's not really a true IPS. Next.
>
>Regards,
>
>Matt
>
>
>--- Valter Santos <vsantola@sectoid.com> wrote:
>
>
>
>>-----BEGIN PGP SIGNED MESSAGE-----
>>Hash: SHA1
>>
>>Hi there,
>>
>>anyone out there is using ISS Proventia G400 series,
>>and is willing to
>>share some thoughts ?
>>
>>thanx
>>/valter
>>-----BEGIN PGP SIGNATURE-----
>>Version: GnuPG v1.4.0 (GNU/Linux)
>>
>>
>>
>>
>iD8DBQFDXLlgR7pJvOKksgYRApuSAJ0XEwPrGGTmj73XPsUzA8/Yjv3PkACg0SJG
>
>
>>gpFJyahq23YI88HmK/29xFQ=
>>=tb4B
>>-----END PGP SIGNATURE-----
>>
>>
>>
>>
>------------------------------------------------------------------------
>
>
>>Test Your IDS
>>
>>Is your IDS deployed correctly?
>>Find out quickly and easily by testing it
>>with real-world attacks from CORE IMPACT.
>>Go to
>>
>>
>>
>http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708
>
>
>>to learn more.
>>
>>
>>
>------------------------------------------------------------------------
>
>
>>
>>
>
>
>
>
>___________________________________________________________
>To help you stay safe and secure online, we've developed the all new Yahoo! Security Centre. http://uk.security.yahoo.com
>
>------------------------------------------------------------------------
>Test Your IDS
>
>Is your IDS deployed correctly?
>Find out quickly and easily by testing it
>with real-world attacks from CORE IMPACT.
>Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708
>to learn more.
>------------------------------------------------------------------------
>
>
>
>

------------------------------------------------------------------------
Test Your IDS

Is your IDS deployed correctly?
Find out quickly and easily by testing it
with real-world attacks from CORE IMPACT.
Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708
to learn more.
------------------------------------------------------------------------

• Previous message: Dave Aitel: "Re: RPC Evasion techniques"
• In reply to: FinAckSyn: "Re: Proventia G400"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]