|
|
Enron Mail |
NETWORK WORLD NEWSLETTER: NEAL WEINBERG
on PRODUCT REVIEWS 10/16/01 - Today's focus: Intrusion detection systems Dear Wincenty Kaminski, In this issue: * Enterasys' IDS Dragon offers best performance for network- based intrusion detection * Links related to Network World product reviews * Featured reader resource _________________________________________________________ SO, WHAT DO YOU THINK? Give us your opinion on 5 different banner advertisements and enter to win $500! Take the Banner Concepts survey at http://www.rresults.com/bannerconcept/index.cgi _____________________________________________________________ Today's focus: Intrusion detection systems By Neal Weinberg Intrusion detection systems are key components to any security system. So the Reviewmeister decided to check out network-based IDS products from Cisco, Computer Associates, Enterasys Networks, Intrusion.com and Internet Security Systems (ISS). The intrusion detection systems (IDS) products from Cisco, Enterasys and Intrusion.com are appliances, while CA and ISS offer software-based systems. We conducted several tests to measure performance. First, we measured how well the product could detect a random sample of commonly recognized intrusion attacks, such as ping floods, Jolt2 attacks, SYN floods, finger bombs and others. These were tested initially under no background traffic load. To achieve a passing score, the IDS had to correctly identify the attack within five minutes of the attack's launch. We tallied whether the intrusion was recorded, if it was correctly identified and the approximate time it took to recognize the attack. Next, we ran stress tests to see how the products would work as background traffic load increased from 40M to 60M bit/sec, then up to 90M bit/sec. A third test determined whether the products could detect attacks specifically designed to avoid traditional IDS systems. Enterasys' IDS Dragon took the gold in performance. In addition to its excellent showing in the first two tests, Dragon also beat the competition by detecting attacks that are specifically designed to avoid traditional IDS systems. IDS Dragon also performed with near bulletproof reliability, demonstrating minimal performance degradation under traffic load and solid system stability during all of the tests. The IDS Dragon missed only three out of 27 random attacks and detected 24 out of the resulting 24 attacks sent to it under the 40M and 60M bit/sec traffic load. With the 90M bit/sec traffic, IDS Dragon correctly detected 21 out of 24 attacks. No other product performed as well with the basic intrusion- detection and stress tests, although Cisco Secure IDS performed well under load. The ISS RealSecure performed well under 40M and 60M bit/sec loads, detecting 22 out of 24 attacks, but fell down to 17 attacks out of 24 when the traffic load went to 90M bit/sec. Intrusion.com's SecureNet Pro had the hardest time under heavy background traffic loads. After a strong start - detecting 24 out of 27 attacks with no load - performance steadily declined as load increased. It detected only four out of 27 attacks under the 90M bit/sec load. Curiously, SecureNet detected the highest number of attacks (25) under no load, but supported the smallest database of known attack signatures of the products tested. All the products tested did well in detecting certain attacks, including Whisker (various types), Targa3 and Bind, which are specifically designed to evade network-based IDS products. Cisco, CA, Enterasys and Intrusion.com detected 16 out of 17 attacks, and ISS got them all. While CA's eTrust IDS performed adequately in our stress tests, it did not perform consistently under high (90M bit/sec) loads. It appeared that the longer we let the background traffic stream run (up to 10 minutes or more), the less consistently eTrust detected the attacks. For the full report, go to http://www.nwfusion.com/reviews/2001/1008rev.html _______________________________________________________________ To contact Neal Weinberg: Neal Weinberg is features editor at Network World, in charge of product reviews, Buyer's Guides, technology primers, how-tos, issue-oriented feature stories and the Technology Insider series. You can reach him at mailto:nweinber@nww.com. _______________________________________________________________ Promote your services and generate qualified leads! Register on Buy IT, NW Fusion's Vendor Directory and RFP Center. It's cost-effective and eliminates the headaches of finding new business. List your company today and access millions of dollars in RFPs posted by active buyers. Go to NW Fusion now! http://www.nwfusion.newmediary.com/091201nwwprovnwltr1 ______________________________________________________________ RELATED LINKS Intrusion-detection firms push for unified management Network World, 05/21/01 http://www.nwfusion.com/news/2001/0521iss.html Users warming to outsourced intrusion detection Network World, 02/12/01 http://www.nwfusion.com/news/2001/0212specialfocus.html The archive for Reviews is: http://www.nwfusion.com/reviews/index.html ______________________________________________________________ FEATURED READER RESOURCE Audio Primers Are you behind on the basics of technologies such as ATM, IP Multicast and VPNs? Check out our library of audio primers - quick explanations of networking topics and technologies, including IPv6, SANs and DSL vs. cable. These less-than-10- minute primers will not only explain how these technologies work, but they'll also show you through slides and diagrams. http://www.nwfusion.com/primers/index.html _______________________________________________________________ May We Send You a Free Print Subscription? You've got the technology snapshot of your choice delivered at your fingertips each day. Now, extend your knowledge by receiving 51 FREE issues to our print publication. Apply today at http://www.nwwsubscribe.com/nl ______________________________________________________________ SUBSCRIPTION SERVICES To subscribe or unsubscribe to any Network World e-mail newsletters, go to: http://www.nwwsubscribe.com/news/scripts/notprinteditnews.asp To unsubscribe from promotional e-mail go to: http://www.nwwsubscribe.com/ep To change your e-mail address, go to: http://www.nwwsubscribe.com/news/scripts/changeemail.asp Subscription questions? Contact Customer Service by replying to this message. Have editorial comments? Write Jeff Caruso, Newsletter Editor, at: mailto:jcaruso@nww.com For advertising information, write Jamie Kalbach, Fusion Sales Manager, at: mailto:jkalbach@nww.com Copyright Network World, Inc., 2001 ------------------------ This message was sent to: vkamins@enron.com
|