Re: IPS comparison

From: DokFLeed (dokfleed_at_dokfleed.net)
Date: 07/26/05

  • Next message: Security Focus: "RE: IPS comparison" 
    To: "bw" <bjshhsjb@yahoo.com>, <pen-test@securityfocus.com>
Date: Tue, 26 Jul 2005 13:16:46 +0400

    bw,
    I made something similar lately,
    first of all start with http://www.nss.co.uk/
    personally I would go with TopLayer, the only once passed both tests.

    another thing, take a look at the products history, things like
    who started as an IPS not an IDS, who is ASIC based , how many proven
    concurrent connections it can handle ,
    does it follow a protocol analysis or signatures throw & catch.

    finally for reference if it makes any sense
    · The lack of a stateful firewall for all connections and policy
    control. A hardware limit of 10,000 signatures, which can all be used up if
    diverse policies are specified for different segments or IP addresses with
    existing signatures, leaving no room for expansion.
    · The lack of effective high availability solutions that increase
    performance and scalability cannot reliably support asymmetry in networks HA
    decreases performance significantly.
    · Lack of network infrastructure class reliability, required for
    in-line deployments.
    · Close to 100% reliance on IDS like signatures for protection.
    Digital Vaccine, or automatic signature updates on an inline infrastructure
    device is thus necessary, and poses a risk of automated blocking of real
    world business traffic, and potentially violates network change control
    policies.
    · No real world Denial of Service (DoS) or DDoS protection.
    · Built around an off the shelf Layer 2 switch ASIC and off the
    shelf network processors, even claimed latency at between 1ms and 215 ?s is
    too high for inline deployments.

    TopLayer series handle around 30,000 connection with a latency of 0.04 ms
    and 0.08 ms with deep inspection enabled

    Please disregard it, if it does not make any sense :)

    DokFLeed
    Smoke Dope, Eat Soap, Fly Home in a Bubble

    ----- Original Message -----
    From: "bw" <bjshhsjb@yahoo.com>
    To: <pen-test@securityfocus.com>
    Sent: Monday, July 25, 2005 8:52 PM
    Subject: IPS comparison

    I have been tasked with comparing IPS appliances. I am
    seriously looking at top layer's product line and
    tipping point. Does anyone have a spread*** or know
    of any tool they would be willing to share for
    comparing products. Im new to this so any help would
    be appreciated

    thank you

    __________________________________________________
    Do You Yahoo!?
    Tired of spam? Yahoo! Mail has the best spam protection around
    http://mail.yahoo.com

  • Next message: Security Focus: "RE: IPS comparison"