jhhaley
IDS Module for a Cisco 6509 blade switch

This past year we purchased and installed a Cisco 6509 blade switch and two other 4000 series blade switches. This next year I'm considering purchasing the IDS module.  

If you're currently using this product, could you please give me your opinion on it? Your answers will no doubt trigger some additional questions from me.

Thanks!
ASKER CERTIFIED SOLUTION
Tim Holman

jhhaley (ASKER)

Can you provide a recommendation on an inline IPS or point me to a best of breed so I read up on it?

I've got snort running, but I thought the module might actually give me another layer of protection. However, I've been looking more at an IPS system, and the module is not cheap. The money might best be spent elsewhere.

Performance is a crucial part of any IPS.  The device has to be fast enough to break up the packet, analyse it, and reassemble it with minimal latency.  This is even more important when you have large amounts of data, in either an enterprise or carrier-level network... and SUPER-important if you're under a DDoS attack and need the raw processing power to ditch malicious packets in favour of legitimate ones.

Choice of an IPS will depend on:

1)  What resources you want to protect
2)  How commercially sensitive the downtime of these resources is (eg an online gaming company cannot afford any downtime, whereas www.joepublicshomepage.com probably wouldn't care...)

General recommendations would be:

1)  Never to go for an IPS that runs on an Intel platform - the processors are way too slow and not designed for network analysis (no matter what their salesmen say!)
2)  Choose an inline, self-managed IPS wherever possible for two reasons:
  a)  You will never get a favourable contract or terms and conditions from an ISP
  b)  You need to be inline to deal with fragmented packet streams and also see both ends of communication directly
 
There are many vendors who base their IPS products on a Linux platform and run on an Intel box - Radware DefensePro, Netscreen ISP, ISS Proventia, Check Point Entercept, Webscreen.. the list goes on.  I've personally tested all of these and they do not come up to scratch as the hardware is simply not fast enough.

The ONLY product that comes top is the TopLayer IPS 5500 Attack Mitigator series - ASIC/FPGA based, gigabit capable.  I liked it so much I'm now working for them... !  ;)
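The point about needing to be inline to deal with fragmented packet streams (2b above) is the one that decides whether a sensor actually sees an attack, so here is an added, self-contained illustration of it. This is editorial example code, not code from the original thread or from any of the vendors named in it. It models a fragment train with a minimal offset/payload/more-fragments record instead of real IP headers, and the overlap policies "first" and "last" are shorthand for the two ways host stacks resolve overlapping fragments, not any product's terminology. It shows a signature that no single fragment contains, an overlapping fragment that yields different datagrams depending on the target's policy, and the inline verdict an IPS can give once it reassembles the stream itself.

```python
"""Why an IPS has to reassemble inline: a signature split across fragments.

Added example, not from the original post. The Fragment model is a
deliberately minimal stand-in for IP fragmentation, and the policy names
'first' and 'last' are illustrative shorthand for how different host stacks
resolve overlapping fragments.
"""
from dataclasses import dataclass
from typing import Dict, List, Optional


@dataclass(frozen=True)
class Fragment:
    offset: int     # byte offset of this chunk within the original datagram
    payload: bytes
    more: bool      # True while further fragments follow (like IP's MF flag)


def per_packet_match(frags: List[Fragment], signature: bytes) -> bool:
    """Naive sensor: inspects every fragment on its own, never reassembles."""
    return any(signature in f.payload for f in frags)


def reassemble(frags: List[Fragment], policy: str = "first") -> Optional[bytes]:
    """Rebuild the datagram the destination host will see.

    policy='first' keeps the bytes that arrived first when fragments overlap;
    policy='last' lets later fragments overwrite earlier ones. Returns None
    when the final fragment is missing or some byte range was never filled.
    """
    total: Optional[int] = None
    buf: Dict[int, int] = {}
    for f in frags:
        if not f.more:
            total = f.offset + len(f.payload)  # final fragment fixes the length
        for i, b in enumerate(f.payload):
            pos = f.offset + i
            if pos in buf and policy == "first":
                continue
            buf[pos] = b
    if total is None or any(pos not in buf for pos in range(total)):
        return None
    return bytes(buf[pos] for pos in range(total))


def has_overlap(frags: List[Fragment]) -> bool:
    """True if any two fragments claim the same byte position."""
    seen = set()
    for f in frags:
        span = set(range(f.offset, f.offset + len(f.payload)))
        if span & seen:
            return True
        seen |= span
    return False


def inline_verdict(frags: List[Fragment], signature: bytes, policy: str = "first") -> str:
    """Inline IPS decision on a fragment train.

    'hold' - datagram incomplete, keep buffering
    'drop' - overlapping fragments (ambiguous, so normalise by dropping), or
             the reassembled datagram matches the signature
    'pass' - clean
    """
    data = reassemble(frags, policy)
    if data is None:
        return "hold"
    if has_overlap(frags) or signature in data:
        return "drop"
    return "pass"


SIGNATURE = b"/etc/passwd"

# Constructed traffic, case 1: the signature straddles a fragment boundary,
# so no single fragment contains it.
SPLIT_FRAGS = [
    Fragment(0, b"GET /cgi-bin/view?file=/etc", True),
    Fragment(27, b"/passwd HTTP/1.0\r\n\r\n", False),
]

# Constructed traffic, case 2: an overlapping fragment sent after the benign
# one. A stack that honours the first bytes sees /etc/hosts, one that honours
# the last bytes sees /etc/passwd; a sensor guessing the wrong policy misses it.
OVERLAP_FRAGS = [
    Fragment(0, b"GET /cgi-bin/view?file=/etc/", True),
    Fragment(28, b"hosts HTTP/1.0\r\n\r\n", False),
    Fragment(28, b"passwd", True),
]

if __name__ == "__main__":
    print("per-packet sensor sees split attack:", per_packet_match(SPLIT_FRAGS, SIGNATURE))
    print("reassembling sensor sees split attack:", SIGNATURE in reassemble(SPLIT_FRAGS))
    for policy in ("first", "last"):
        print(policy, reassemble(OVERLAP_FRAGS, policy))
    print("inline verdict on overlap:", inline_verdict(OVERLAP_FRAGS, SIGNATURE))
```

The per-packet matcher never fires on SPLIT_FRAGS because "/etc" and "/passwd" arrive in different fragments, while the reassembled datagram matches. On OVERLAP_FRAGS the two policies produce different datagrams, only one of which contains the signature; an inline device does not have to guess which stack sits behind it because it can simply refuse ambiguous overlaps, which is what the 'drop' verdict does here.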