I take it from this that the Compaq DL380 G3 would suffice?

Regards,
Craig

-----Original Message-----
From: Robert Graham [mailto:[EMAIL PROTECTED]
Sent: 01 August 2003 05:54
To: Derek Nelson; 'John Taylor'; [EMAIL PROTECTED]
Subject: Re: RS Guard (was: RE: [ISSForum] PAM and Sensor Version 7.0)

Guard requires the use of the 3Com NICs. The reason is that we write our
own drivers for them in order to get the sort of latencies you would
expect from a 100-mbps switch. Unfortunately, even if you don't care
about low-latencies, you still have to use these NICs -- the Guard code
is hardwired into the custom 3Com NIC drivers.

We know that normal PC platforms have poor PCI implementations and will
drop packets. However, after extensive experience, we believe that any
server-class platform based upon the ServerWorks chipset should be
adequate. The two platforms we have officially validated (and which are
officially supported) are based upon ServerWorks.

--- Derek Nelson <[EMAIL PROTECTED]> wrote:
> Hi John and All.
>
> We have customers installing Guard, but until the Proventia 'B' Series
> (the new name for 'B' Series) comes out, we have had issues figuring out
> which hardware to use. From a Compaq(HP) perspective, the only supported
> hardware is the DL380 and DL380G2 servers. Both of these models are no
> longer available in New Zealand and Australia.
>
> I am interested to know what hardware you run your Guard units on?
> Obviously you still can use and get the 3C905C-TX-NM NICs or something
> similar - they are still easy to source...
>
> Thanks,
> - Derek.
> ==========================
> Derek Nelson
> Technical Consultant
> InterConnect Wellington
> Ph: +64-4-494-1144 Fax: +64-4-494-1140
> DDI: +64-4-494-1142 Cell: +64-27-4577-056
> Web: <http://www.interconnect.co.nz>
>
> >-----Original Message-----
> >From: John Taylor [mailto:[EMAIL PROTECTED]
> >Sent: Wednesday, 30 July 2003 1:03 a.m.
> >To: [EMAIL PROTECTED]
> >Subject: RE: [ISSForum] PAM and Sensor Version 7.0
> >
> >whoops!
> >
> >Forgot to stress that of course the PAM in Network Sensor helps detect
> >faster, improves throughput and can detect "unknown" new exploits but
> >of course as Network Sensor is a passive device it cannot block attacks
> >so all the RSKill work is still necessary. (Another reason why we use
> >RealSecure Guard in-line rather than Network Sensor where possible).
> >
> >JT
> >
> >John Taylor | Director Security Products | Tolerant Systems Ltd | 01782
> >865026 | 07730 989255
> >This electronic message contains information from Tolerant Systems,
> >which may be privileged or confidential. The information is intended
> >for use only by the individual(s) or entity named above. If you are not
> >the intended recipient, be aware that any disclosure, copying,
> >distribution or use of the contents of this information is strictly
> >prohibited. If you have received this electronic message in error,
> >please notify me by telephone or email (to the number or email address
> >above) immediately.
> >
> >-----Original Message-----
> >From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
> >Sent: Tuesday, July 29, 2003 11:43 AM
> >To: [EMAIL PROTECTED]
> >Subject: RE: [ISSForum] PAM and Sensor Version 7.0
> >
> >Hi,
> >
> >PAM is the Protocol Analysis Module which was developed by Network ICE
> >in their Sentry, (Network Sensor), Guard, (in-line IPS) ICEAgent for
> >Server (Server Sensor) and ICEAgent for Desktop (Desktop Protector).
> >Since the purchase of Network ICE PAM has been gradually ported over to
> >a number of ISS products to complement the existing weaker Signature
> >based detection. The log file trailing capabilities where appropriate
> >have been retained as Network ICE did not cover this.
> >
> >PAM basically is very fast packet decode and analysis, very similar to
> >Sniffer if you know that as the same guys developed it who wrote
> >Sniffer, the difference is that PAM is many times faster in decoding
> >than Sniffer was. Taking windows as an example the simple methodology is
> >that PAM in conjunction with other software enables a decision to be
> >reached before the packet is applied to the upper layers of the ISO
> >model hence an attack can be detected and blocked BEFORE it does damage
> >hence the term Intrusion Protection as opposed to Detection!
> >
> >Whilst all the older practices of RSKill etc are still maintained they
> >are now almost redundant as the PAM makes it possible to close a port
> >and drop an attack independent of any need to configure a RSKill, in
> >addition as most new attacks are made up from parts of old, and the PAM
> >is looking at the connection layer and monitoring the session it is
> >possible to observe protocol anomalies and packet content and actually
> >block new exploits without a signature. (Cool huh?)
> >
> >I installed the first prototype Guard from Network ICE in London on a
> >vital link in 2001, (talk about taking risks!!) and it actually detected
> >and stopped a new very serious exploit before it was made public!
> >(cannot remember if it was code red or Nimda!). PAM and RealSecure Guard
> >are the absolute stars of the IPS World, Guard handles 100MBps full
> >duplex at theoretically 100% load and if you install it behind your
> >Firewall in-path it protects all internet incoming attacks and by nature
> >all desktops that are browsing internet!
> >(I absolutely LOVE RealSecure Guard, we have put in hundreds and they
> >work, unless we have to "tap" for dynamic load balanced links we always
> >install Guard rather than Network Sensor with Server Sensor on all
> >servers to protect from internal attack and desktop protector on remote
> >notebook PC's, in my humble view Network Sensor is yesterday's way of
> >doing things.)
> >
> >This is what makes ISS products the strongest in the market today.
> >
> >The PAM was incorporated into Network Sensor and Server Sensor with 7.0,
> >it was always in Guard and desktop protector.
> >
> >Hope this helps!
> >
> >John
> >
> >John Taylor | Director Security Products | Tolerant Systems Ltd | 01782
> >865026 | 07730 989255
> >
> >-----Original Message-----
> >From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
> >Sent: Tuesday, July 29, 2003 1:30 AM
> >To: [EMAIL PROTECTED]
> >Subject: [ISSForum] PAM and Sensor Version 7.0
> >
> >Hi
> >
> >Can anyone help answering the following questions ?
> >
> >A) PAM
> >
> >What is PAM and how does it work ?
> >
> >Does it only appear in network sensor 7.0 and server sensor 7.0 but not
> >earlier versions ?
> >
> >Where can I find an official documentation on it ? The only thing I can
> >find is the "Server Sensor Advanced Tuning Parameters Reference
> >Document" but none for the network sensor. I don't think it explains the
> >concept clearly either.
> >
> >B) Server sensor 7.0
> >
> >Why is there suddenly a server sensor 7.0 for HP-UX but not for Solaris
> >while there was only 6.5 for Solaris only ?
> >
> >Are they planning to release a 7.0 for Solaris too ?
> >
> >It is so confusing to me.
> >
> >TIA
> >Bernard
> >
> >_______________________________________________
> >ISSForum mailing list
> >[EMAIL PROTECTED]
> >
> >TO UNSUBSCRIBE OR CHANGE YOUR SUBSCRIPTION, go to
> >https://atla-mm1.iss.net/mailman/listinfo
> >
> >--
> >Is anybody else reading your confidential e-mails?
> >
> >If you need to be SURE that they are not, find out how by clicking
> >below.
> >
> >http://www.tolerant.com/products/spotlight.asp
