ISS RealSecure Pushes Past Newer IDS Players
May 17, 1999
By Greg Shipley
A low-frequency hum of routers and workstations permeated our lab as we launched an array of attacks against the targeted hosts. Surrounded by Unix workstations, Windows NT servers, Windows 95 clients, routers, switches, firewalls and approximately $100,000 worth of intrusion detection systems (IDS), we pounded away at our objective. Scanning, poking, prodding, exploiting...we pounded and pounded and pounded.

And while we saturated links, created thousands of sessions and blasted segments until the hubs red-lined, our IDSes kept on chugging. They endured almost everything we threw their way, carefully watching, inspecting and discarding every packet. Unfortunately, they also blithely inspected, discarded and overlooked the attack that remotely ripped the NT SAM database, containing all of the domain's user names and passwords, right out from under their noses.

Real Time, Real Threats

The threat of intrusion is real. Hacker penetrations have moved out of folklore status and into the mainstream. Sorting through the glossy marketing literature, it's easy to believe that without intrusion detection, your network is being led to the slaughterhouse. After our testing, we're convinced you may be heading there anyway.

Current IDS implementations are not the final answer to the threat of intrusion. They do not stop hackers dead in their tracks, and they certainly don't offer an all-encompassing security solution. IDSes aren't perfect--in fact, they're a long way from being polished. However, IDS technology can put an administrator in touch with what's going down on the network from a security perspective in real time. Giving administrators the tools to see in areas where they were previously blind is invaluable. IDSes can be a significant asset in the administrator's repertoire, and their place in the enterprise is quickly becoming apparent.

As in many of our security product tests, in the end we determined we had an assortment of useful products that would have made for a remarkable solution if we somehow could have combined pieces of each into one package. Cisco Systems' NetRanger is quite the robust workhorse, and it has a strong set of attack signatures. AXENT Technologies' ID-Trak is by far the easiest to customize, and offers a simple solution to specific problems. Network Flight Recorders' NFR Intrusion Detection Appliance has a wonderful back end with a mighty scripting language. But when all is said and done, ISS' RealSecure gets our Editors' Choice award; it's the most useful and mature IDS out of the box.

Packet Sniffer on Steroids?

At the root of IDSes is the concept of identifying a particular attack method. While there is an endless number of possible sequences, the raw building blocks of most assaults are based on smaller components or "exploits." Building on internal databases of such exploits and patterns, IDS vendors create what are referred to as attack signatures. Using these defined signatures while inspecting real-time network traffic, IDSes try to analyze sets of packets for a signature match.

IDSes typically employ two basic components: sensors and back-end management stations. The sensor or "watcher" module is responsible for grabbing (essentially sniffing) the network traffic and inspecting it, while the back end handles the logging of attacks and the issuance of any alarms or countermeasures.
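
The sensor and back-end split described above, sketched as an added example (not code from the article or from any of the reviewed products). The signature names, patterns and sample packets are constructed; the sample shows why a sensor has to match over sets of packets rather than one packet at a time.

```python
import re
from collections import defaultdict

# Constructed signatures for illustration; not taken from any product's rule set.
SIGNATURES = {
    "cgi-phf-request": re.compile(rb"/cgi-bin/phf"),
    "passwd-file-request": re.compile(rb"/etc/passwd"),
}

# Constructed traffic: (session 4-tuple, payload). The second session's
# request is split across two packets, so no single packet holds the pattern.
PACKETS = [
    (("10.0.0.5", 1025, "10.0.0.9", 80), b"GET /index.html HTTP/1.0\r\n\r\n"),
    (("10.0.0.7", 1031, "10.0.0.9", 80), b"GET /cgi-bin/test?file=/etc/pa"),
    (("10.0.0.7", 1031, "10.0.0.9", 80), b"sswd HTTP/1.0\r\n\r\n"),
]

class Backend:
    """Management station: records alerts raised by sensors."""
    def __init__(self):
        self.log = []

    def alert(self, session, signature):
        self.log.append((session, signature))

class Sensor:
    """Watcher: buffers each session's bytes and matches signatures on the buffer."""
    def __init__(self, backend, window=4096):
        self.backend = backend
        self.window = window              # bytes of stream tail kept per session
        self.streams = defaultdict(bytes)
        self.fired = set()                # (session, signature) already reported

    def observe(self, session, payload):
        buf = (self.streams[session] + payload)[-self.window:]
        self.streams[session] = buf
        for name, pattern in SIGNATURES.items():
            if (session, name) not in self.fired and pattern.search(buf):
                self.fired.add((session, name))
                self.backend.alert(session, name)

def per_packet_matches(packets):
    """Naive matcher that inspects each packet in isolation, for comparison."""
    return [(s, n) for s, p in packets
            for n, pat in SIGNATURES.items() if pat.search(p)]

def run_sensor(packets):
    backend = Backend()
    sensor = Sensor(backend)
    for session, payload in packets:
        sensor.observe(session, payload)
    return backend.log
```
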

