I wrote an Opus One white paper on how to select a Network-based IPS which is
now available:
http://www.juniper.net/solutions/literature/white_papers/select_ips.pdf
Juniper is hosting the white paper and did the layout & graphics, although there
is no Juniper-specific content in the paper (and Juniper didn't have editorial
control). It discusses signature-based IPS, rate-based IPS, and NBAD-ish IPS as
options. Because most of the products out there are signature-based (and
because of space constraints), I mostly concentrate on signature-based IPS.
The goal of the white paper is to lay out a methodology for deciding what kind
of IPS (if any) is right for your network, and then giving a series of steps to
go through to decide what type of IPS is the right one for your network.
Here's the first paragraph:
Executive Summary: Network Intrusion Prevention Systems (IPS) can
be extremely effective pieces of your overall network security strategy.
However, the IPS marketplace is filled with products that all do very different
things and are suitable for very different environments. Therefore, buyers
beware, because simply throwing any IPS into the network without careful
consideration can be a costly error, both in terms of capital outlay and
operational provisions.
jms
--
Joel M Snyder, 1404 East Lind Road, Tucson, AZ, 85719
Senior Partner, Opus One Phone: +1 520 324 0494
[EMAIL PROTECTED] http://www.opus1.com/jms
------------------------------------------------------------------------
Test Your IDS
Is your IDS deployed correctly?
Find out quickly and easily by testing it
with real-world attacks from CORE IMPACT.
Go to http://www.coresecurity.com/index.php5?module=Form&action=impact&campaign=intro_sfw
to learn more.
------------------------------------------------------------------------
