IPS

Security as a network function, not such a good idea

Cisco Subnet — Mon, 17 Nov 2008 13:34:51 -0500

A researcher says product tests indicate that adding security functions into your Cisco network can kill network performance. NSS Labs will publish its findings about firewalls, IPS and UTM early next year, but NSS Labs CEO Vik Phatak says there are clearly performance drawbacks to using the Cisco security functions in routers and switches.

Read more

No surprise

Schratboy — Tue, 11 Nov 2008 09:21:41 -0500

Of course the IPS people are going to say DOS attacks are on the rise. They want to sell more devices and convince people that they can't manage their networks without them! Strong access control, configuration management, proper firewall set-up and baseline awareness of what "should be" on the network are great practices that can be done WITHOUT having to burn cash on an IPS. It's easier to know what you should have than to constantly try to hunt down what shouldn't be there. That's why it's called "management!"

NAC not IPS

toddhooper — Thu, 30 Oct 2008 10:45:37 -0400

That's what I was blogging about Tim - the NAC appliance McAfee announced they would ship in Q1 2009. Clearly they couldn't build an IPS product from the assets of Lockdown because Lockdown didn't have an IPS.

Good Review

Mon, 04 Aug 2008 20:17:41 -0400

I too was impressed with interface on IPS-1. It's nice to see Check Point moving back into the IDS/IPS arena.

Cisco security under attack at Black Hat/DefCon

Cisco Subnet — Fri, 01 Aug 2008 15:27:31 -0400

Security in Cisco gear will be under scrunity next week as security researchers put Cisco security through its paces at Black Hat/DefCon. WLAN IPS vendor AirTight Networks will show how it's possible with some implementations of 802.11w in vendor equipment to conjure up an attack that hits WLAN access points with malformed packets, not bringing them down but triggering a disconnection response in their WLAN clients, writes Ellen Messmer in Network World.

Read more

Cisco IPS vulnerability patched today

Cisco Subnet — Wed, 18 Jun 2008 18:17:12 -0400

Cisco Security released a patch today that fixes a vulnerability in its Intrusion Prevention System. Cisco says that its IPSs "that have gigabit network interfaces installed and are deployed in inline mode contain a denial of service vulnerability in the handling of jumbo Ethernet frames.

Read more

Ease of Use comes in Cisco's IPS 6.1 release. Should Cisco competitors be afraid?

jheary — Tue, 06 May 2008 18:34:38 -0400

Cisco released the IPS 6.1 minor release upgrade early last week. It sports a newly minted GUI manager/monitor and has a couple new features worth noting. The new GUI manager/monitor called IPS Manager Express (IME) is leaps above the previous GUI.

Read more

Cisco security gear + reputation services = good thing

Cisco Subnet — Tue, 22 Apr 2008 17:46:29 -0400

Scott Weiss is right when he says that adding reputation to Cisco's security gear is important. And Cisco is right about giving over control of its classic security gear - firewalls, VPNs, IPSes - to Weiss, who was brought into Cisco about a year ago when Cisco bought Ironport. Now Weiss says he wants to cross-pollenate engineers from his former company and Cisco's security engineers to see what they can come up with.

Read more

Big-Time Wireless Security - As a Service

Craig Mathias — Tue, 08 Apr 2008 18:16:56 -0400

It's hard not to recommend some form of IDS/IPS in any enterprise-class WLAN installation. But there's usually some pushback when it comes to the price of this capability; after all, we're installing sensors and servers and software and the cost can add up quickly. Some organizations thus (foolishly, I believe) forgo having a suitable IDS/IPS installed. I'm personally so concerned about WLAN security that I have a small-business-class IDS/IPS system installed in my office, protecting all of six APs.

On the other hand - and hearing about this was a smack-myself-in-the-forehead moment - why not provision IDS/IPS as a service, effectively leasing the infrastructure and offering the rest as a managed service?

Read more

Is the CCSP Cert worth it?

brandon — Fri, 28 Mar 2008 17:09:01 -0400

So is it worth all that time you would have to put in to get the CCSP? For those of you who are just joining me you haven't missed much. This happens to be my first of a month long session of Blogging here at NWW. When I decided to do this I has to choose something that I felt would be relevant to you. I decided to stick with what I'm good at and focus in the realm of security, and since i've been training folks for the last 7 years on how to use the PIX, ASA, IPS, Cisco Routers, and AAA I decided to stick with that.

So to start out, I want to throw the ball into your hands. Do you think its worth it? There are a number of tests you can take. SND, SNRS, IPS, and SNPA are the core but what about CANAC, MARS, HIPS? I'd like to know if you see a benefit in getting certified.

Read more

RE: Sourcefire boasts strong IPS management toolset

alvarius — Tue, 22 Jan 2008 13:55:45 -0500

I find it peculiar that the author is putting an IPS product and a Firewall under the same umbrella. The fact that both products are capable of blocking traffic doesn't make them the same group. Same as in Math, two objects that shares the same property doesn't necessary make them belong to the same group. The Author missed the entire point in this case. Knowing the product the Author of this article had tested - what policy did the author deploy? was it the default policy? no modifications? what, one size fits all?? Did the author tried to change the policy? I did on that product and I block 95% of the attacks right of the bat leaving me 5% making up in writing my own snort rules.

Read more

Cisco Releases New 4Gbps IPS 4270 Appliance

jheary — Wed, 05 Dec 2007 12:29:21 -0500

Cisco has finally entering the high speed IPS market segment! Cisco’s is shipping the IPS 4270 IPS Appliance which can deliver up to 4Gbps of real-world media-rich traffic inspection. Cisco is proud of the fact that this benchmark number was achieved with the Cisco recommended IPS protection settings enabled on the 4270. They used real-world, stateful traffic flows in their testing. Cisco has not released the best case, pie in the sky, UDP performance numbers of the 4270 yet. But it has released expected real-world performance numbers if you deploy the 4270 in a highly transactional environment like e-commerce or IP Voice. This type of environment will drop performance down to 2Gbps of IPS inspection.

Read more

IPS (intrusion-prevention system)

Inbox — Tue, 13 Nov 2007 12:25:38 -0500

An intrusion-prevention system (IPS) is an inline security device that performs deep-packet inspection to identify and block malicious traffic. IPSs are considered an improvement over intrusion-detection systems (IDS), which are passive devices that simply identify an attack but take no action to block it.

IPSs are designed to respond in real time to attacks by dropping packets deemed malicious. IPSs are designed to block application-layer attacks, all the way up to Layer 7.

BlackICE from NetworkICE is considered the first commercial IPS. It was launched in 1998. NetworkICE was purchased in 2000 by Internet Security Systems, which is now part of IBM.

Read more

Security Collaboration: Cisco IPS and Cisco Wireless

jheary — Wed, 26 Sep 2007 15:30:19 -0400

Not many people realize that the Cisco IPS 4200 Series sensors can collaborate with a Cisco Wireless LAN Controller(WLC) to defend the network. This solution allows you to extend your security protection way beyond what the embedded wireless signatures can offer. It moves your wireless attack detection/prevention capabilities from the solely Layer 2 realm, that embedded wireless signatures offer, into the Layer 2-7 realm. And since Layer 2-7 protection is arguably where you want/need to be this solution gets you there.

Read more

New IOS Router security feature dynamically defends against day zero attacks

jheary — Fri, 17 Aug 2007 15:32:52 -0400

Automatic Signature Extraction (ASE) is a new feature in IOS release 12.4(15)T1 that is designed to find and stop worms and viruses on the network, day zero. To quote from one of the ASE developers Tin Yen, “the ASE feature is configured in the network to extract content specific signatures (often referred to as “patterns”) to help identify fast spreading worms and viruses by leveraging advanced deep packet inspection techniques”.

Read more

Cisco 8Gbps IPS solution for the Datacenter

jheary — Mon, 13 Aug 2007 15:18:32 -0400

Deploying an IPS solution in a datacenter can be a tricky affair. If not deployed properly, an IPS solution can severely affect the resiliency, performance, and security of a datacenter. Cisco’s IPS solution has been extensively tested to make sure it meets the stringent requirements of today’s complex datacenter (DC) environments. Cisco’s IPS solution is highly available, fast (8gbps), and scalable. It’s ability to complement, rather than clash, with a datacenter designed around Cisco’s routing and switching best practices makes it unique in the industry. Let’s take an in-depth look at this solution. First let’s start with a model Cisco Approved datacenter architecture, based on Cisco’s best practices.

Read more

CPI Solutions has achieved Cisco's advanced security specialization, do enterprise customers value it?

Brad Reese — Wed, 21 Mar 2007 20:58:48 -0400

"CPI has offered security consulting in some way, shape or form for approximately 10 years. There is no more profound need amongst companies today. The quality and availability of their data relies on it." "We find Cisco’s suite of security technologies to be the most complete and comprehensive in the industry. Becoming a Cisco Advanced Security Partner greatly enhances our knowledge base while positioning us as one of the leading security partners in California." "Security concerns will become even more dramatic in the years to come. Planting the seeds and beginning the implementation of protective measure today will go along way towards corporate comfort in the future," said Arnie Friedman, president and founder of CPI Solutions.

CPI is one of only twenty-nine Cisco partners in the United States to have both Silver Partner status and the Advanced Security Specialization. To attain the specialization, CPI Solutions had to focus on the entire suite of Cisco security products, including:

Acknowledged by Deloitte & Touche as the 18th fastest-growing technology company in the Los Angeles area, CPI continues to add to its consulting staff at a rapid clip.

CPI Network Solutions also achieved Cisco's VPN Security Specialization and Cisco's Advanced Unified Communications Specialization. Most important of all, CPI Solutions has been recognized with highest distinction for achieving Cisco Customer Satisfaction Excellence. If one were to use CPI Solutions as an example, it certainly appears that advanced Cisco specialization and superb Cisco customer satisfaction go hand-in-hand. But I still feel compelled to ask, do enterprise customers value Cisco's advanced security specialization? http://www.BradReese.Com

Read more

Hyping IPS to death

Adam Gaffin — Mon, 26 Sep 2005 09:41:16 -0400

Over at the Esphion blog, Juergen reports that more and more customers are pulling money out of IPS projects and putting them into other security efforts, such as network behavior anomaly protection. Darn vendors, he says:

... These are good devices, which really work. The problem is that claims for their capabilities have been blown out of proportion. Therefore, customer expectations have been elevated to levels, which the technology cannot meet in the real world. ...

Read more