Gigabit Intrusion Detection Systems Group Test (Edition 2)

This report has been superseded by Gigabit IDS Group Test Edition 3 and is no longer available online. However, it does include reviews of 4 IDS products which are not included in the current Edition. It is available for purchase from our online store.

Table of Contents

Introduction
  Host IDS (HIDS)
    'Traditional' Host IDS (HIDS)
    File Integrity Assessment (FIA)
  Network IDS (NIDS)
  Network Node IDS (NNIDS)
  Intrusion Prevention Systems (IPS)
    Host IPS (HIPS)
    Network IPS (NIPS)
  Gigabit IDS
  Which Technology Is The Best
  Problems with IDS
  Detection Methods
    Pattern Matching
    Stateful Pattern Matching
    Protocol Decode
    Heuristic Analysis
    Anomaly Analysis
  Which Detection Method Is The Best
  Monitor-Evaluate-Modify: The Security Cycle

Product Reviews
  Internet Security Systems RealSecure Network Gigabit 7.0
    Architecture
      RealSecure Network Gigabit Agent
      RealSecure OS Sensor
      RealSecure Server
      SiteProtector
        Deployment Manager
        Application Server
        Sensor Controller
        RealSecure Site Database
        Event Collector
        Security Fusion Module
        SiteProtector Console
    Installation
    Configuration
    Alert Handling
    Reporting and Analysis
    Verdict
    Contact Details
  NetScreen-IDP 500 V2.1
    Architecture
      IDP Sensor
        Detection Engine
        High Availability
      IDP Management Server
      User Interface (UI)
    Installation
    Configuration
    Alert Handling
    Reporting and Analysis
    Verdict
    Contact Details
  NFR NID-320 V3.2.1
    Architecture
      Administration Interface (AI)
      Central Management System (CMS)
      NID Sensor
        Sensor Engine
        Backends
        Packages
    Installation
    Configuration
    Alert Handling
    Reporting and Analysis
    Verdict
    Contact Details
  Symantec ManHunt V3.0
    Architecture
      Detection
      Analysis
      Response
      ManHunt Console
      ManHunt Node
      ManHunt Clusters
      Fail Over Groups
    Installation
    Configuration
    Alert Handling
    Reporting and Analysis
      Incident and Event Logs
    Verdict
    Contact Details

Testing Methodology
  The Test Environment
  Section 1 - Detection Engine
    Test 1.1 - Attack Recognition
    Test 1.2 - Resistance To False Positives
  Section 2 - NIDS Performance Under Load
    Test 2.1 - UDP Traffic To Random Valid Ports
    Test 2.2 - HTTP 'Maximum Stress' Traffic With No Transaction Delays
    Test 2.3 - HTTP 'Maximum Stress' Traffic With Transaction Delays
    Test 2.4 - Protocol Mix Traffic
    Test 2.5 - 'Real World' Traffic
  Section 3 - Network IDS Evasion
    Test 3.1 - Baselines
    Test 3.2 - Packet Fragmentation and Stream Segmentation
    Test 3.3 - URL Obfuscation
    Test 3.4 - Miscellaneous Evasion Techniques
  Section 4 - Stateful Operation Test
    Test 4.1 - Attack Replay
    Test 4.2 - Simultaneous Open Connections (default settings)
    Test 4.3 - Simultaneous Open Connections (after tuning)

Test Results

Appendix A - Vendor Questionnaires

Appendix B - The Test Equipment
  Spirent Communications SmartBits SMB-6000/SMB600
    SmartBits Applications
  Caw Networks WebAvalanche and WebReflector
  Adtech AX/4000
  NetOptics Regeneration Taps
  Allied Telesyn AT-9800 Series Switches
  SuperMicro SuperServer 6012P-6