RE: IPS Comparison

From: Security Focus (Security.Focus_at_comcast.net)
Date: 07/26/05

  • Next message: Jeffrey Leggett: "RE: IPS comparison"
    To: <dmecham@nitrosecurity.com>, <pen-test@securityfocus.com>
    Date: Tue, 26 Jul 2005 04:43:55 -0500
    
    

    Actually, any IPS that is deployed as a Syn-Proxy in Bridging mode has this
    same functionality, there are several out that perform this function and
    don't even bother to mention it as it has become standard fare. One that
    I'm very familiar with that does market this feature is Melior, Inc.'s
    Barbican appliance www.ddos.com, they call it "cloaking". This is also
    their primary method for defeating pen-test attempts. All of these
    appliances are known to be limited in the number of TCP connections they can
    handle and are primarily solutions for smaller enterprises, hence the
    evolution of ASIC solutions for the larger enterprise. My favorite
    Intel/*nix inline solution these days is Reflex Security; I've implemented
    it at small and mid-size banks, and to date it has been the most effective,
    simplest and least expensive solution for IDS/IPS that I've encountered; my
    customers love it. www.reflexsecurity.com

    The IDS focus list has covered IPS questions such as IP or no IP very
    extensively, you'd be very well served by scanning that list for related
    discussions as many of the vendors' CTOs have chimed in to discuss the logic
    behind their chosen configurations and most importantly their customers as
    well.

    -MD

    Feel free to ask me offlist about the best kept secret in Certification
    Training CertTest.com CISSP, PMP, CISA/CISM, NSA IAM/IEM, BCP. If you or
    your people need to Cert up, this is the place to go. Their HQ office is
    right next door to me, I've seen first hand what a crack job these guys do.

    -----Original Message-----
    From: Darwin [mailto:dlmecham@gmail.com]
    Sent: Monday, July 25, 2005 11:56 PM
    To: pen-test@securityfocus.com
    Subject: IPS Comparison

    Hi,

    Regarding IPS products.

    Take a look at http://www.nitrosecurity.com
    This IPS is deployed without an IP address making it invisible.

    Best Regards,

    Darwin Mecham, CISSP

