A comprehensive lab evaluation of six intrusion-prevention systems that automatically block attacks suggests IPS is ready for enterprise use despite concerns that false positives will lead to the blocking of legitimate traffic.
Network-equipment evaluation lab NSS Group lobbed a battery of high-speed attack and evasion tests for two weeks at network-based IPS appliances from Internet Security Systems, NetScreen Technologies, Network Associates, TippingPoint Technologies and Top Layer Networks. Separately, NSS tested one host-based product, Entercept from Network Associates. All but NetScreen's IDP-500 won an "approval" rating from NSS.
The results of the examination, among the first of its kind, indicate that network-based IPS in most cases performed flawlessly or near flawlessly - and network managers should abandon exaggerated worries about it. "These tests verify the stability of the IPS device under various extreme conditions," NSS concluded, adding, "The group of tests verified that network IPS will not block legitimate traffic and is capable of detecting and blocking a wide range of common exploits."
NSS has had extensive experience testing intrusion-detection systems (IDS), which, unlike the IPS offerings, are limited to monitoring for attacks. It took a year of planning to devise the test methodology for its first IPS evaluations, says lab director Bob Walder.
"It's very hard to establish a test regimen when creating a new group test from scratch," Walder says. "There is strong justification for our latest test methodologies to be adopted as de facto standards when testing these types of products."
NSS' lab used Spirent Communications' SmartBits SMB-6000 and SMB-600 network performance analysis systems to test each IPS at up to multi-gigabit speeds, where the IPS could handle it.
NSS tested for load balancing of IPS and used the SmartBits SmartWindow and SmartFlow features to generate background traffic for the 64- and 1,514-byte tests. Avalanche and Reflector gear from Spirent simulated real-world network traffic with connection speeds, packet loss and browser emulation. This helped determine performance bottlenecks, if any, by setting up Web, FTP and other connections.
NSS tested for 1 million simultaneous connections at up to 1G bit/sec while throwing hundreds of different attacks at each IPS appliance.
The results can be obtained in a 300-page report at the NSS site www.nss.co.uk.