intrusion prevention

Ease of Use comes in Cisco's IPS 6.1 release. Should Cisco competitors be afraid?

jheary — Tue, 06 May 2008 18:34:38 -0400

Cisco released the IPS 6.1 minor release upgrade early last week. It sports a newly minted GUI manager/monitor and has a couple new features worth noting. The new GUI manager/monitor called IPS Manager Express (IME) is leaps above the previous GUI.

Read more

NSA holds 8th annual Cyber Defense Exercise

Noah Schiffman — Wed, 23 Apr 2008 00:22:07 -0400

The National Security Agency/Central Security Service (NSA/CSS) Information Assurance Directorate is currently holding its 8th Annual Cyber Defense Exercise. It started on April 21^st and will be coming to a close this Thursday (04/24/08)--the day officially open for journalist's media coverage.

This annual competition, between numerous service academies, challenges student teams with the task of defending their computer networks from constant attack. However, they're not just protecting their infrastructure from automated penetration platforms. They'll be subjected to a barrage of attacks from a network offensive operations team (Red Team), composed of NSA and Department of Defense experts, during the four day hack-a-thon.

Read more

RE: Sourcefire boasts strong IPS management toolset

alvarius — Tue, 22 Jan 2008 13:55:45 -0500

I find it peculiar that the author is putting an IPS product and a Firewall under the same umbrella. The fact that both products are capable of blocking traffic doesn't make them the same group. Same as in Math, two objects that shares the same property doesn't necessary make them belong to the same group. The Author missed the entire point in this case. Knowing the product the Author of this article had tested - what policy did the author deploy? was it the default policy? no modifications? what, one size fits all?? Did the author tried to change the policy? I did on that product and I block 95% of the attacks right of the bat leaving me 5% making up in writing my own snort rules.

Read more

IPS (intrusion-prevention system)

Inbox — Tue, 13 Nov 2007 12:25:38 -0500

An intrusion-prevention system (IPS) is an inline security device that performs deep-packet inspection to identify and block malicious traffic. IPSs are considered an improvement over intrusion-detection systems (IDS), which are passive devices that simply identify an attack but take no action to block it.

IPSs are designed to respond in real time to attacks by dropping packets deemed malicious. IPSs are designed to block application-layer attacks, all the way up to Layer 7.

BlackICE from NetworkICE is considered the first commercial IPS. It was launched in 1998. NetworkICE was purchased in 2000 by Internet Security Systems, which is now part of IBM.

Read more

Troubleshooting and deploying Cisco IOS firewall and Cisco IOS intrusion prevention systems with Cisco expert Rachna Srivastava

Brad Reese — Sun, 07 Oct 2007 21:10:26 -0400

Rachna Srivastava - is the product manager and technical marketing engineer for Cisco IOS URL filtering solutions in Cisco’s router security group in San Jose, California. She is responsible for bringing advanced Cisco IOS security solutions to market, while integrating customer and market security requirements with Cisco integrated services routers.

Rachna has previously worked on the Cisco IOS intrusion prevention system as well as the Cisco IOS firewall as a technical marketing engineer. She also has experience with application and implementation of Cisco managed security services with Cisco integrated services routers. Her other responsibilities include building technical marketing presentations and training Cisco partners and systems engineers on newly introduced Cisco IOS security technologies and platforms. Rachna has more than 7 years of experience in the computing and networking industry including networking, training and systems administration. She has authored many Cisco online technical documents and Cisco configuration guidelines and delivered numerous technical presentations for Cisco customers and partners. Rachna has a bachelor's degree in economics and management information systems. Up until Friday October 19th, take the opportunity to discuss online with Cisco expert - Rachna Srivastava, troubleshooting and deploying Cisco IOS firewall and Cisco IOS intrusion prevention systems. Join the online discussion now! http://www.BradReese.Com

Read more

Cisco offers security, unified communications, application acceleration to branch offices

Cisco Subnet — Wed, 26 Sep 2007 17:06:32 -0400

Cisco is giving branch offices a boost by introducing a plethora of products aimed at allowing managers to implement a consistent set of security, unified communications, application acceleration and wireless services at remote sites.

The offerings include a router, switch, messaging gateway, intrusion prevention system, application acceleration module, and routing software and wireless LAN controller enhancements. The new and enhanced products are intended to address the growing population of office workers located at corporate branches, and the increasing sophistication and complexity of the applications and devices they use.

More of what's being launched here.

Read more

Network based solutions can't do everything, but the same is true for clients

domwilde — Fri, 15 Jun 2007 16:12:07 -0400

But, who's watching the watchers? Re: Why network-based security doesn't cut it anymore. Interesting points here, but if you put the security solution in userland it becomes the problem. Network based solutions can't do everything, but the same is true for clients. New LAN Security technologies (like Secure Switches and Appliances) that sit in the network and act as network security agents on behalf of the user, are a significant improvement on traditional network security approaches. The reality is that we need both. There's more on this in my blog