Gigabit Intrusion Detection Systems Group Test (Edition 2)
This report has been superseded by Gigabit IDS Group Test Edition 3 and is no longer available online. However, it does include reviews of 4 IDS products which are not included in the current Edition. It is available for purchase from our online store.
Table of Contents
Introduction
  Host IDS (HIDS)
    'Traditional' Host IDS (HIDS)
    File Integrity Assessment (FIA)
  Network IDS (NIDS)
    Network Node IDS (NNIDS)
  Intrusion Prevention Systems (IPS)
    Host IPS (HIPS)
    Network IPS (NIPS)
  Gigabit IDS
  Which Technology Is The Best
  Problems with IDS
  Detection Methods
    Pattern Matching
    Stateful Pattern Matching
    Protocol Decode
    Heuristic Analysis
    Anomaly Analysis
    Which Detection Method Is The Best
  Monitor-Evaluate-Modify: The Security Cycle
Product Reviews
  Internet Security Systems RealSecure Network Gigabit 7.0
    Architecture
      RealSecure Network Gigabit Agent
      RealSecure OS Sensor
      RealSecure Server
      SiteProtector
        Deployment Manager
        Application Server
        Sensor Controller
        RealSecure Site Database
        Event Collector
        Security Fusion Module
        SiteProtector Console
    Installation
    Configuration
    Alert Handling
    Reporting and Analysis
    Verdict
    Contact Details
  NetScreen-IDP 500 V2.1
    Architecture
      IDP Sensor
        Detection Engine
        High Availability
      IDP Management Server
      User Interface (UI)
    Installation
    Configuration
    Alert Handling
    Reporting and Analysis
    Verdict
    Contact Details
  NFR NID-320 V3.2.1
    Architecture
      Administration Interface (AI)
      Central Management System (CMS)
      NID Sensor
        Sensor Engine
        Backends
        Packages
    Installation
    Configuration
    Alert Handling
    Reporting and Analysis
    Verdict
    Contact Details
  Symantec ManHunt V3.0
    Architecture
      Detection
      Analysis
      Response
      ManHunt Console
      ManHunt Node
      ManHunt Clusters
      Fail Over Groups
    Installation
    Configuration
    Alert Handling
    Reporting and Analysis
      Incident and Event Logs
    Verdict
    Contact Details
Testing Methodology
  The Test Environment
  Section 1 - Detection Engine
    Test 1.1 - Attack Recognition
    Test 1.2 - Resistance To False Positives
  Section 2 - NIDS Performance Under Load
    Test 2.1 - UDP Traffic To Random Valid Ports
    Test 2.2 - HTTP 'Maximum Stress' Traffic With No Transaction Delays
    Test 2.3 - HTTP 'Maximum Stress' Traffic With Transaction Delays
    Test 2.4 - Protocol Mix Traffic
    Test 2.5 - 'Real World' Traffic
  Section 3 - Network IDS Evasion
    Test 3.1 - Baselines
    Test 3.2 - Packet Fragmentation and Stream Segmentation
    Test 3.3 - URL Obfuscation
    Test 3.4 - Miscellaneous Evasion Techniques
  Section 4 - Stateful Operation Test
    Test 4.1 - Attack Replay
    Test 4.2 - Simultaneous Open Connections (default settings)
    Test 4.3 - Simultaneous Open Connections (after tuning)
Test Results
Appendix A - Vendor Questionnaires
Appendix B - The Test Equipment
  Spirent Communications SmartBits SMB-6000/SMB600
  SmartBits Applications
  Caw Networks WebAvalanche and WebReflector
  Adtech AX/4000
  NetOptics Regeneration Taps
  Allied Telesyn AT-9800 Series Switches
  SuperMicro SuperServer 6012P-6