Hi,
We've been using the TL 2800 platform for about 6 months and recently
switched to their new 5500 platform. Our experience has been quite
good regarding the hardware, and we also feel we are working with guys
who really have experience in DDoS. That's the best part of TL: they
have very knowledgeable security engineers with real experience on
high-traffic attacks, and they just make sure the IPS fits well on your
infrastructure.

Hardware side, let me tell you this: we went through really difficult
times with huge attacks. As with most companies, it caught us completely
unprepared. Our PIX 535 behaved like a small hub during the attacks,
completely non-operational and unable to sustain the SYNs/sec traffic.
So we went shopping and of course went to the big names first. We
initially deployed a NetScreen 5200, and after a couple of attacks it
became useless as well. At that point our ISP suggested TL. We were
not sure at the beginning, since the company can be considered small
compared with Cisco and NS, but TL offered us a trial. This just
worked well. They even tested the IPS deployment with IXIA traffic
generators and proved to us that the 2800 (it is a cluster of 8 IPS)
sustained attacks of 550-600,000 SYNs/sec. We haven't had very large
attacks since then (only small attacks of about 60,000 SYNs/sec), but
after the equipment has been working flawlessly for the last 6 months we
are pretty confident we are in good hands.

The only thing I could mention for the 2800 was the management
interface. It seemed clumsy to me at times, but the new platform (5500)
has made excellent improvements on this side. They also lack a very
comprehensive MIB, but the enhancements to the alarm-triggering
mechanism (you can now generate syslog messages that alert when
SYNs/sec are above a threshold level) are steps in the right direction.
These guys seem to work hard improving their IPS offering; they have made
the architecture more modular and even added a Firewall module, which
should help network engineers enforce security policies and save some
CPU cycles on the IPS unit.

Overall I see the TL guys in a very comfortable position in the IPS
market, and if their support continues to be as good, they'll just keep
doing the right stuff.
James.
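The SYNs/sec threshold alerting James mentions, as an added illustration that is not Top Layer's code (the post says nothing about how their mechanism is implemented): a sliding-window counter of pure SYNs that emits syslog-style lines, with hysteresis so a rate hovering around the threshold does not flap the alarm. The packet feed, the 1000 SYN/s threshold and the local0 syslog priorities are all constructed for the example.

```python
from collections import deque

# TCP flag bits as found in the TCP header flags byte
SYN = 0x02
ACK = 0x10

def syn_rate_alerts(packets, threshold, window_ms=1000, clear_ratio=0.5):
    """Walk a (timestamp_ms, tcp_flags) feed; return (alert lines, peak SYN/s).

    Only pure SYNs count (SYN set, ACK clear): SYN/ACKs from our own
    servers are responses, not attack indicators. The rate is the number
    of SYNs inside the trailing window. Hysteresis: raise once when the
    rate reaches `threshold`, clear only when it falls below
    `threshold * clear_ratio`, so a flood at the threshold gives one alert.
    """
    recent = deque()                 # timestamps of SYNs still inside the window
    alerts, peak, in_alarm = [], 0.0, False
    for ts, flags in packets:
        if flags & SYN and not flags & ACK:
            recent.append(ts)
        while recent and ts - recent[0] >= window_ms:
            recent.popleft()         # aged out of the window
        rate = len(recent) * 1000 / window_ms
        peak = max(peak, rate)
        if not in_alarm and rate >= threshold:
            in_alarm = True          # <132> = local0.warning (constructed choice)
            alerts.append(f"<132>ips: SYN flood: {rate:.0f} SYN/s >= {threshold} SYN/s at t={ts}ms")
        elif in_alarm and rate < threshold * clear_ratio:
            in_alarm = False         # <134> = local0.info
            alerts.append(f"<134>ips: SYN rate cleared: {rate:.0f} SYN/s at t={ts}ms")
    return alerts, peak

def constructed_feed():
    """Constructed traffic, not a capture: 1 s of 200 SYN/s with matching
    SYN/ACKs, then a 2 s flood at 5000 SYN/s, then 2 s of idle ACKs."""
    pkts = []
    for i in range(200):             # background: one SYN every 5 ms, answered
        pkts += [(i * 5, SYN), (i * 5 + 1, SYN | ACK)]
    for i in range(10000):           # flood: 5 SYNs per ms, no handshake completes
        pkts.append((1000 + i // 5, SYN))
    for i in range(20):              # quiet tail
        pkts.append((3000 + i * 100, ACK))
    return pkts

if __name__ == "__main__":
    lines, peak = syn_rate_alerts(constructed_feed(), threshold=1000)
    print("\n".join(lines), f"\npeak {peak:.0f} SYN/s")
```

Run as a script it prints one flood alert, one clear alert and the 5000 SYN/s peak; the 60,000 and 600,000 SYNs/sec figures in the post would only change the threshold argument.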
Thread at a glance:
Previous Message by Date:
McAfee Intercept
All,
Who can give me some insight into the HIDS capabilities of McAfee's
Entercept product line?
Does this product have the functionality to:
* monitor system log files
(syslog -- Windows event log -- IIS logs -- Apache logs -- ...)
* detect file changes (a la Tripwire),
* IPS: buffer overflow detection -- 'strange' syscalls -- API call
surveillance
* monitor all data packets sent/received by the stack on the host
(Network Node IDS)
Are there any HIDS products on the market yet that provide all of this
functionality?
Thx,
Michael.
--------------------------------------------------------------------------
FREE Network Security Webinar - How to implement IPSec security into VPN appliances
New threats and vulnerabilities require new high-performance IPSec VPN
solutions for network protection.
Join the security experts from SafeNet on August 26 at 1:00 PM (Eastern), and learn how to successfully integrate IPSec security into VPN processors and appliances to provide powerful yet cost-effective VPN solutions for your customers.
Register now:
http://www.securityfocus.com/sponsor/SafeNet_focus-ids_040817
--------------------------------------------------------------------------
Next Message by Date:
Re: McAfee Intercept
http://www.phrack.org/show.php?p=62&a=5
On Thu, 26 Aug 2004 09:13:20 +0200, Tr8shCan <tr8shcan@xxxxxxxx> wrote:
> All,
>
> Who can give me some insight in the HIDS capabilities of McAfee's
> Entercept productline ?
>
> Has this product functionality to:
> * monitor system logfiles
> (syslog -- windows event log -- IIS logs --Apache logs -- ...)
> * detect filechanges (a la Tripwire),
> * IPS: Buffer Overflow detection -- 'strange' syscalls -- API call
> surveillance
> * monitor all data packets sent/received by the stack on the host
> (Network Node IDS)
>
> Are there any HIDS products on the market yet that provide all of this
> functionality?
>
> Thx,
> Michael.
>
Previous Message by Thread:
Re: Top Layer Attack Mitigator - Experience?
In-Reply-To: <20040813164655.80594.qmail@xxxxxxxxxxxxxxxxxxxxxxxxx>
I have experience in handling the Top Layer IPS 100 and 1000 series, but
I am still learning on the Top Layer IPS 5500-100, 500 and 1000.
The IPS 100 and 1000 series are more for departmental use, and can also be
implemented at enterprise level...
But the IPS5500 is more flexible and more reliable...
***P/s: sorry for my bad English... but I still like to share... TQ
>Message-ID: <20040813164655.80594.qmail@xxxxxxxxxxxxxxxxxxxxxxxxx>
>Date: Fri, 13 Aug 2004 09:46:55 -0700 (PDT)
>From: Michael McDonough <mpm@xxxxxxxxxxx>
>Subject: Top Layer Attack Mitigator - Experience?
>To: focus-ids@xxxxxxxxxxxxxxxxx
>Does anyone have specific experience with this
>product? Any of the product line (100/1000 - 5500)
>would be of interest.
>
>Thanks in advance!
>
>Mike
>
>--------------------------------------------------------------------------
>Test Your IDS
>
>Is your IDS deployed correctly?
>Find out quickly and easily by testing it with real-world attacks from CORE
>IMPACT.
>Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708 to
>learn more.
>--------------------------------------------------------------------------
Next Message by Thread:
Switch Port Mirroring
Hi,
A while ago someone asked the list for the syntax for enabling port
mirroring on his switch. Thinking that this would be useful to us all, I have
created a page with this information on it. Thus far I have Extreme,
Foundry and the Cisco 2950 at
http://www.securitywizardry.com/switch.htm . If anyone would like to submit
any others, I'd love to hear from them.
cheers
-andy
Talisker's Computer Security Portal
Computer Network Defence Ltd
http://www.securitywizardry.com