[AusNOG] IDS / IPS Experience
Eric Appelboom
eappelboom at gmail.com
Thu Dec 1 00:18:26 EST 2011
Hi, Depends on the vendor, McAfee Intrusheilds (I-Series) for example
are usually installed with external fail-open kits.
The originals (white leds) were supplied by netoptics (they do taps as
well) they would kick in without a network interruption when upgrading
appliance firmware or removing the sensor. The newer kits (blue leds) do
drop stateless protocols (icmp/udp and the like) however TCP pauses as
packets are retransmitted. Typically no longer than 1-2 seconds.
Have not deployed any M-Series appliances to date. Checkpoint IPS-1,
Radware DefensePro have internal failopen switches which makes RMA'ing and
an appliance challenging.
Eric
On Wed, Nov 30, 2011 at 2:46 PM, <mants at tpg.com.au> wrote:
> Hi,
>
> Just wondering if anyone want's to share their experience regarding IDS
> /IPS
> solution related to traffic handling during hardware power cycle. Did you
> see
> any packet/s drops during and after? and why?
>
> Cheers,
> Amante
> _______________________________________________
> AusNOG mailing list
> AusNOG at lists.ausnog.net
> http://lists.ausnog.net/mailman/listinfo/ausnog
>
--
Eric Appelboom MInfoSysSecurity CISA CISM CRISC CISSP-ISSAP CSSLP CGEIT
C|EH CCSA CCSE CCNA(SECURITY) SEC+ MCSA(SECURITY) MCSE MCTS MCITP ITIL
TOGAF
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.ausnog.net/pipermail/ausnog/attachments/20111130/53f46281/attachment.html>
More information about the AusNOG
mailing list