Search /
Docfinder:

RESEARCH CENTERS

Applications
Careers
Convergence
Data Center
LANs
Net/Systems Mgmt.
NOSes
Outsourcing
Routers/Switches
Security
Service Providers
Small/Med.Business
Storage
WAN Services
Web/e-commerce
Wireless/Mobile

SITE RESOURCES

Daily News
Newsletters
This Week in NW
Tests/Reviews
Buyer's Guides
Opinion
Forums
Special Issues
How to/Primers
Case Studies
Network Life
Encyclopedia
IT Briefings

TODAY'S NEWS

•	Cisco all but kills Cius tablet computer
•	Windows 8 Update: Steve Ballmer's 80-inch Windows 8 tablet
•	Gartner: Don't trust cloud provider to protect your corporate assets
•	Take me out to the ballgame, with 4G
•	Most OpenOffice users run Windows
•	Smartphones with quad-core chips and 4G LTE coming soon
•	Government alarm over cyberattacks validated by terrorists
•	Lawmakers call on DOJ to reopen investigation into Google Wi-Fi spying
•	Researchers propose TLS extension to detect rogue SSL certificates
•	IaaS: Renting on-demand technology
•	Yahoo Axis may be game changer for search and the troubled company
•	Android, Apple Own 80% of Global Smartphone Market; Microsoft's Share, 2.2%
•	Managing Mobile Mania
•	Proposed New York Legislation Would Ban Anonymous Online Comments
•	Supercomputer to connect to 400PB of storage via Ethernet
•	More breaking news

/

Clear Choice Tests /

How we did it

By Rodney Thayer
Network World, 01/31/05

We installed the Stealthwatch 4.2 appliance in a live production network. We used two different instances of an unpatched Red Hat 7.3 server for our tests, initially with default services enabled and then with just SSH. We used a generic Pentium-based tower PC as a test target in the "inside" zone monitored by the device.

We used Internet Explorer running on a Windows XP system to drive the Stealthwatch GUI, and set up a stock syslog server on a Fedora Core 1 box as the syslog host. Both the IDS and the test target server were attached to a hub along with other systems, so that DNS, SSH, Web, and email traffic was flowing past the IDS, although not through the test target server.

We ran this configuration for several days and performed a conventional (default options) set of NMAP and Nessus scans to induce known attack traffic. We used Metasploit to attack known vulnerabilities (Samba and PPTPD) and 'Brutessh2' to attack the SSH daemon on the test target server.

Back to Clear Choice Test: Network Intrusion-Detection Systems

NWFusion offers more than 40 FREE technology-specific email newsletters in key network technology areas such as NSM, VPNs, Convergence, Security and more.
Click here to sign up!

New Event - WANs: Optimizing Your Network Now.
Hear from the experts about the innovations that are already starting to shake up the WAN world. Free Network World Technology Tour and Expo in Dallas, San Francisco, Washington DC, and New York.
Attend FREE

Your FREE Network World subscription will also include breaking news and information on wireless, storage, infrastructure, carriers and SPs, enterprise applications, videoconferencing, plus product reviews, technology insiders, management surveys and technology updates - GET IT NOW.