
Top 20 (or thereabouts) Questions for your IPS vendor
1. Where is this product designed to sit on the network?
2. What are the latency, throughput, and jitter claims you make regarding this product and how did you arrive at those numbers? (See Issues with IPS performance numbers.)
3. Is this product primarily designed to mitigate attacks with rate-based mechanisms or content/anomaly-based mechanisms?
| # | Rate-based products | Content/anomaly-based products |
|---|---|---|
| 4 | What additional content-based features does this product offer? | What additional rate-based features does this product offer? |
| 5 | What tools does this product offer that let you measure baseline traffic norms? | What is the underlying IDS system in this product? |
| 6 | How granularly can you define which incoming traffic the IPS is going to examine and, eventually, limit or block? | How big is the signature database? Which of those signatures are turned on by default? What is the update mechanism for new signatures? |
| 7 | How sophisticated are the rate detection and control mechanisms offered? (For example, can they detect just a flood or can they track potentially malicious single connections over time?) | How do you see, enable, disable, and modify attributes of bad traffic signatures? |
8. How does this product discover machines and services running on the network that need IPS protection?
9. Does your product have a learning mode, how long does it take, and how do you recommend running it in learning mode?
10. How easily can you run this product in an alert-only mode?
11. What kinds of traffic can this product block (for example, DoS attacks, UDP protocol attacks, buffer overflow attacks, fragmentation attacks, spoofing attacks (inbound/outbound), application-layer attacks)?
12. What are the action options offered by this product once malicious traffic is discovered (drop-only, pass and track, pass and alert, pass but limit, for example)?
13. What kind of communication happens between this IPS device and either my installed firewall or a built-in one?
14. Does the product provide centralized configuration and/or management capabilities?
15. What are your configuration options (rules per port, per system, for example)?
16. Does the product provide centralized configuration and/or management capabilities?
17. What is the overall strategy for alerting you to both malicious activity and blocked traffic?
18. What are the product’s reporting capabilities?
19. Does this product have the ability to connect to a Security Event Management system via some event reporting mechanism?
20. If this device’s log fills, will it continue to operate without logging?
21. Does the vendor offer log analysis tools for forensics and capacity planning?
22. What secure management access methods does this device support, such as SNMPv3 or SSHv2? Are these the only methods enabled by default?
