Hello David, The IPS is for the network edge, there are already some F5 loadbalancers and ASM modules running for protecting the web apps. We need to unload these.
Thank you, Andre --- David Henning <[email protected]> schrieb am Mi, 29.7.2009: > Von: David Henning <[email protected]> > Betreff: RE: IPS - Cisco vs. McAfee vs. Tippingpoint > An: "Hurgel Bumpf" <[email protected]>, "[email protected]" > <[email protected]> > Datum: Mittwoch, 29. Juli 2009, 13:05 > Since this is for a website, have you > checked some of the web application firewalls like > WebDefend? It does learning and I think has a > threshold to alert for new session spikes, etc. It > installs either in-line or not in-line but with extra ports > available to send RST to both ends, etc. > > David Henning, CISSP, GCPM > Hughes Network Systems, LLC > Principal Security Analyst > 301-428-5533 > > -----Original Message----- > From: [email protected] > [mailto:[email protected]] > On Behalf Of Hurgel Bumpf > Sent: Wednesday, July 29, 2009 8:25 AM > To: [email protected] > Subject: IPS - Cisco vs. McAfee vs. Tippingpoint > > > Hi List, > > i need to protect a "realtime" website with an inline IPS > from (D)DOS attacks. > > I had some bad experience with Tippingpoint UnityOne 2400 > field test. The device dropped to much sessions until all > connectivity was lost. > After that no investigation was not possible as TP logs all > attack information with IP address 0.0.0.0 > > The vendor excused this with the layered technology and > passing the IP address from the hardware to the logger would > lead to delayed packages) > > This is unacceptable. > > i'm now looking forward to test a Cisco IPS 4270-20 and a > McAfee Network Security 4050 appliance. > > Who has a good/bad experience with that devices? Is it true > that all devices don't log ip adresses? > > My dream appliance would be able to run like in a 7 day > learning mode which counts max new sessions per second, max > sessions per client aso. After this 7 days it creates a > filter with +x% of the learned values and sets these limits > active. > > A big problem is that i have to install it into the > productive system to get the real values. I dont have any > fixed values regarding the new sessions per second and i > cant just guess and set values and render the system > offline. > > All information is highly appreciated! > > Thank you very much for your time, > > Andre > > > ----------------------------------------------------------------- Securing Your Online Data Transfer with SSL. A guide to understanding SSL certificates, how they operate and their application. By making use of an SSL certificate on your web server, you can securely collect sensitive information online, and increase business by giving your customers confidence that their transactions are safe. http://www.dinclinx.com/Redirect.aspx?36;5001;25;1371;0;1;946;9a80e04e1a17f194
