I recently had the privilege of advising on a SANS Gold Paper (GCIA) for Michael Dyrmose, titled "Beating the IPS" (http://www.sans.org/reading_room/whitepapers/intrusion/beating-ips_34137). In the paper, Michael uses basic IPS evasion techniques to test the capabilities of many of the "major vendor" IPS systems. To be as fair as possible, Michael targeted the MS08-067 vulnerability, the security flaw that Conficker took advantage of - every IPS on the planet should be able to handle that, right?
Rob VandenBrink, ISC Handler, Mar 27th 2013
For Cisco's IPS, just for "maintenance" activities, not analysis activities, I estimate you need at least 1 FTE in a medium service provider environment. Most acquaintances I know, and users I have met in training, do not run it in-line in IPS mode, for many good reasons. Do not get me wrong, there have been significant improvements and additions made with signatures over recent years; I am not bashing this product. You just have to deal with its strengths and weaknesses, and pure life-cycle maintenance FTEs are needed to ensure you have minimal problems with service interruption if you decide to run it as an in-line IPS.
Patrick, Mar 27th 2013
While I applaud the author for the thorough evaluation of evasion techniques, it would be more helpful to understand if he had listed the operating system and filter versions of each product that was evaluated. Also, using more "recent" appliances would have been better, as at least two of the products, Checkpoint and Tipping Point, are officially End of Life.
Patrick, Mar 28th 2013
As a Cyber Security student at St. John's I have been looking at predominantly free IDPS systems to defend my network. The most straightforward system I found is EasyIDS. I also looked at AlienVault's OSSIM.
In terms of evading, check out Evader: http://evader.stonesoft.com/
MasterFU410, Mar 28th 2013
I forgot to mention Security Onion and Network Security Toolkit
MasterFU410, Mar 28th 2013