Security Administrator m51
Security Administrator m51
In Focus: A New IPS Test Report
You might recall that The NSS Group periodically releases in-depth
test reports that can be very useful to security administrators
looking for solutions. Over the past couple of years, I have written
twice about the group's product testing for Intrusion Detection
Systems (IDSs) and Intrusion Prevention Systems (IPSs). In my
September 24, 2003 article "Evaluating Intrusion Detection Systems,"
I wrote about the group's tests of IDSs for 10Mbps/100Mbps Ethernet
and Gigabit Ethernet networks. In my March 17,
article "Evaluating Intrusion Prevention Systems," I wrote about the
group's tests of IPSs.
..Joseph E
The NSS Group recently finished its second round of tests and has
made the results available online. According to the group,
testing "consists of seven sections within three primary areas:
performance and reliability, security accuracy, and usability." The
group also said that "the brand new test suite contains more than 800
individual tests, many of which are run multiple times, to provide
the most thorough and complete evaluation anywhere of IPS products
available today."
An interesting tidbit from the latest report is that nine vendors
signed up for the recent tests. However four of the products didn't
make the cut during stringent testing, so the final report covers the
five remaining products. The current report includes detailed test
information about BroadWeb NetKeeper NK-3256T 3.6.0, Fortinet
FortiGate-800, SecureSoft Absolute IPS NP5G 1.1, Top Layer IPS 5500
3.3, and V-Secure V-100 7.0.
A couple of other interesting notes are related to performance.
During earlier tests, The NSS Group measured IDS and IPS top traffic-
processing speeds of 1Gbps to 2Gbps; this year, top speeds well
exceeded that threshold. So the group decided to launch a new
multigigabit IPS test later this year. Ten vendors have reportedly
already signed up for the next test.
It's also interesting to note that industry analysts had previously
claimed that IDS and IPS systems were things of the past. But
something is seriously wrong with that "analysis," because IDS and
IPS systems are still being used, and according to The NSS Group, the
number of available products has actually grown!
The group said that over the last year, it has improved the testing
suite and introduced a new methodology to conduct in-depth tests of
rate-based IPS systems, which gives a more accurate evaluation of
their capabilities as compared to the evaluation of content-based IPS
systems.
The report itself is great information for security administrators
looking for evaluations of prospective product choices. The report is
also valuable in that it offers details about the group's test
methodologies as well as about the hardware and software solutions
the group uses to conduct its tests.
As has been the case in the past, the results of the new report are
freely available at the group's Web site (see the first URL below).
If you missed the past reports, you can find those online too (see
the second URL below). If you want a copy of all reports on CD-ROM or
copies of selected reports in PDF format, you can purchase those at
the Web site.
= Security Administrator =
Security Administrator is the monthly newsletter from Windows IT
Pro that shows you how to protect your network from external
intruders and control access for internal users. As an added bonus,
paid subscribers get access to over 1900 searchable articles on the
Web. Sign up now to get a 1-month trial issue--you'll feel more
secure just knowing you did.
= Security News and Features =
Recent Security Vulnerabilities
If you subscribe to this newsletter, you also receive Security
Alerts, which inform you about recently discovered security
vulnerabilities.
Serious Flaws in Symantec and F-Secure Protection Products
Internet Security Systems (ISS) reported that its X-Force research
team has discovered a serious vulnerability in a Symantec parsing
engine that's used in several of the company's products. ISS X-Force
also discovered a critical flaw in F-Secure's antivirus and Internet
security products. The flaw is in the way the products scan files
that are compressed with ARJ compression.
Microsoft Investigating Anti-Anti-Spyware Trojan
by Paul Thurrott
Microsoft is investigating a new electronic attack that attempts
to disable the Microsoft AntiSpyware beta product so that it can
surreptitiously install spyware on users' systems.
= Resources and Events =
Get Ready for SQL Server 2005 Roadshow in a City Near You
Get the Facts about Migrating to SQL Server 2005. SQL Server
experts will present real-world information about administration,
development, and business intelligence to help you implement a best-
practices migration to SQL Server 2005 and improve your database
computing environment. Receive a 1-year membership to PASS and 1-year
subscription to SQL Server Magazine.
Fax Servers: Integrate. Automate. Communicate
Attend this free Web seminar and receive a complimentary 30-day
software evaluation, industry whitepaper, and a Starbuck's gift card!
Join industry expert David Chernicoff and learn how leading
organizations are incorporating fax technologies to empower users and
enhance existing investments in infrastructure and applications while
providing substantial ROI.
Sensible Best Practices for Exchange Availability Web Seminar
If you're discouraged about not having piles of money for
improving the availability of your Exchange server, join Exchange MVP
Paul Robichaux for this free Web seminar and learn how to maximize
your existing configuration. Survive unexpected outages, plan for the
unplannable, and evaluate what your real business requirements are
without great expense.
Keeping Critical Applications Running in a Distributed Environment
Get up to speed fast with solid tactics you can use to fix
problems you're likely to encounter as your network grows in
geographic distribution and complexity and learn how to keep your
network's critical applications, such as Active Directory and
Exchange, running. Don't miss this exclusive opportunity--register
now!
Discover All You Need to Know About 64-bit Computing in the Enterprise
In this free Web seminar, industry guru Michael Otey explores the
need for 64-bit computing and looks at the type of applications that
can make the best use of it. He'll explain why the most important
factor in the 64-bit platform is increased memory. Discover the best
platform for high performance and learn how you can successfully
differentiate, migrate, and manage between 32-bit and 64-bit
technology.
= Security Toolkit =
FAQ
Q. How can I enable complex passwords on my Windows Server 2003
Active Directory (AD) domain?
Security Forum Featured Thread: Monitoring File System Changes
Jay wonders whether there's a utility that can monitor for file
system changes when an application is installed. Jay wants to be able
to detect all the files that have been added, deleted, or changed
during the installation process.
= Announcements =
If you haven't seen Exchange & Outlook Administrator, you're
missing out on key information to help you migrate, optimize,
administer, backup, recover, and secure Exchange and Outlook. Plus,
paid subscribers receive exclusive online library access to every
article we've ever published.
= New and Improved =
A Faster IPS
TippingPoint, a division of 3Com, announced that the TippingPoint
5000E Intrusion Prevention System (IPS), which can perform total
packet inspection at 5Gbps with real-world traffic, will ship next
month. TippingPoint claims that the 5Gbps throughput rate is "more
than double any other IPS's maximum rated throughput." TippingPoint
5000E comes with eight Gigabit Ethernet ports able to protect four
network segments. The TippingPoint product line is automatically kept
up-to-date through the Digital Vaccine service to protect against the
latest worms, viruses, Trojan horses, Denial of Service (DoS)
attacks, spyware, and Voice over IP (VoIP) threats.
