You should also check for controllable latency. A box could be
technically "up", but having problems and introducing latency. You
should ask each vendor why they might add latency (fragmentation and
session reassembly are potential ones I can think of), what happens when
CPU's get taxed too high, if latency is controllable. The classic
example is the vendor "pulling the plug" on the box and showing you the
bypass capability. But, there are worse scenarios than pulling the
plug. Controllable/configurable latency should be something you might
want to look at in a vendor.
thanks,
dave
David W. Goodrum, CEH
(nfr)(security)
http://www.nfr.com
(M)703.731.3765
(O)240.747.3425
(F)240.632.0200
Wes Young wrote:
http://www.netoptics.com/products/product_family_details.asp?Section=products&pid=99&cid=5
On Thu, 2006-02-02 at 15:51 -0600, Chris Serafin wrote:
I know from the short time I worked for a Juniper reseller, the Juniper IPS
has a separate box [very small] that does like a HA link to the IPS, so if
the IPS fails, the traffic routed straight throught the network with no IPS
Chris Serafin
IT Security / VoIP Engineer
[EMAIL PROTECTED]
-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
Sent: Thursday, February 02, 2006 10:27 AM
To: [email protected]
Subject: IPS Reliability/Availability
I am working on a big IPS project and I am very concerned about installing
an inline device in a core enterprise network, where these devices have the
potential to create big time network outages.
Can you, please, share your possible bad experiences about the reliability
of the following inline IPS products:
ISS
TippingPoint
Juniper IPS
Sourcefire
McAfee IntruShield
Have you had any issues with the availability of these devices, such as fail
close crashes or do you have any experience with bypass switches that would
mitigate the availability issue?
Thanks,
Mike
------------------------------------------------------------------------
Test Your IDS
Is your IDS deployed correctly?
Find out quickly and easily by testing it
with real-world attacks from CORE IMPACT.
Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708
to learn more.
------------------------------------------------------------------------
------------------------------------------------------------------------
Test Your IDS
Is your IDS deployed correctly?
Find out quickly and easily by testing it
with real-world attacks from CORE IMPACT.
Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708
to learn more.
------------------------------------------------------------------------
--
David W. Goodrum, CEH
(nfr)(security)
http://www.nfr.com
(M)703.731.3765
(O)240.747.3425
(F)240.632.0200
------------------------------------------------------------------------
Test Your IDS
Is your IDS deployed correctly?
Find out quickly and easily by testing it
with real-world attacks from CORE IMPACT.
Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708
to learn more.
------------------------------------------------------------------------
