* The Reviewmeister checks out NetScreen-IDP 100

If you’re looking for a clean implementation of intrusion prevention that’s solid in every way, check out NetScreen Technologies’ NetScreen-IDP 100.

NetScreen has a huge signature library, but you have to define your internal hosts and vulnerable ports for the signatures to apply. For a large network, that would be a fairly tedious process. NetScreen says it will add automation tools in the next version of its IDP, shipping this quarter.

As an added bonus, we found honeypot technology in NetScreen’s IDP. The idea behind a honeypot is that most attackers will do very broad-scale reconnaissance on a network as part of an attack. If you put a system out there that should never be legitimately connected to, then any connection to that honeypot system is suspect and represents potential malicious traffic, no matter the content.

IDP can use specifically configured honeypot addresses and services to initiate a block against further traffic from the system connecting to it. NetScreen also includes sophisticated protection for connection floods with a TCP proxy. For example, NetScreen’s SYN Protector feature lets you define a combination of IP addresses and an application, then enable the protector. All TCP connections are proxied by the SYN Protector, eliminating some classes of connection flood attacks. The content-based IPSs we tested don’t have any sophisticated tools for User Datagram Protocol (UDP)-based protocols.

One of the first management features we looked for was the ability to put the system into alert-only mode. The idea is to keep the IPS running, but never drop any traffic. You would want to do this for tuning purposes, and a network professional might want to run it in this mode if the IPS is ever suspected of causing network problems. NetScreen has a configuration versioning capability which would let you create two configurations, one alert-only and one not, along with the ability to easily switch between them.
All the other IPSs we tested had a hard time with this simple request, either requiring some hardware rewiring or a more detailed modification of the security policy that was not easily reversible.

We also thought that most network professionals would want to have a whitelist capability: Tell the IPS that certain systems are not to be blocked for any reason. NetScreen gave us nice levels of detail, down to the port or even to the signature level.

For the full report, go to https://www.nwfusion.com/reviews/2004/0216ipscontent.html
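
The honeypot-triggered block, the whitelist and the alert-only mode described in this review can be sketched together as follows. This is an added example, not NetScreen's code or configuration; the `HoneypotPolicy` class, the addresses and the flow records are constructed for illustration.

```python
import ipaddress

# Constructed decoy (address, port) pairs and whitelist; all values are illustrative.
HONEYPOTS = [("10.0.0.250", 23), ("10.0.0.250", 22), ("10.0.0.251", 445)]
WHITELIST = ["10.0.0.5/32"]  # e.g. an internal vulnerability scanner

# Constructed flow records (src, dst, dst_port); not from a real capture.
SAMPLE_FLOWS = [
    ("203.0.113.7", "10.0.0.250", 23),    # touches a decoy service
    ("203.0.113.7", "10.0.0.10", 80),     # same source, real server
    ("10.0.0.5", "10.0.0.250", 22),       # whitelisted host touches a decoy
    ("198.51.100.9", "10.0.0.10", 443),   # ordinary client, nothing suspicious yet
    ("198.51.100.9", "10.0.0.251", 445),  # later touches a decoy
    ("198.51.100.9", "10.0.0.10", 443),   # follow-up after the decoy hit
]

class HoneypotPolicy:
    def __init__(self, honeypots, whitelist=(), alert_only=False):
        self.honeypots = {(ipaddress.ip_address(ip), p) for ip, p in honeypots}
        self.whitelist = [ipaddress.ip_network(n) for n in whitelist]
        self.alert_only = alert_only
        self.flagged = set()   # sources that touched a decoy
        self.alerts = []       # every decoy hit, whitelisted or not

    def handle(self, src, dst, port):
        """Return 'drop' or 'pass' for one flow."""
        src_ip, dst_ip = ipaddress.ip_address(src), ipaddress.ip_address(dst)
        if (dst_ip, port) in self.honeypots:
            # Any connection to a decoy is suspect, whatever its content.
            self.alerts.append((src, dst, port))
            if not any(src_ip in net for net in self.whitelist):
                self.flagged.add(src_ip)
        # Alert-only mode keeps detecting but never drops traffic.
        if src_ip in self.flagged and not self.alert_only:
            return "drop"
        return "pass"

def replay(flows, alert_only=False):
    """Run the constructed flows through a fresh policy."""
    policy = HoneypotPolicy(HONEYPOTS, WHITELIST, alert_only=alert_only)
    return [policy.handle(*f) for f in flows], policy

if __name__ == "__main__":
    for mode in (False, True):
        verdicts, policy = replay(SAMPLE_FLOWS, alert_only=mode)
        print("alert_only" if mode else "enforce", verdicts, len(policy.alerts))
```

Replaying the same flows in both modes shows what alert-only tuning buys: the alerts and the flagged sources are identical, so the effect of enforcing can be reviewed before any traffic is dropped.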