Upcoming Sourcefire Webcast

March 2, 2010 by theipsguy

Sourcefire is hosting a webcast on IPS tuning. I think this is a critical step that is unfortunately overlooked in many organizations.

NSS Labs, the world’s leading independent information security research and testing organization, recently put seven leading Network IPS vendors through a rigorous test that included 1,159 validated exploits.

One of the findings from the test was that a “tuned” IPS blocks considerably more threats than an IPS configured with a default policy alone.

To learn more about the NSS Labs Network IPS test results and some of the industry best practices for IPS tuning, please join us on March 10th for a free and insightful live webcast.

Speakers: Rick Moy, President of NSS Labs &
Matt Watchinski, Sr. Director of Sourcefire’s Vulnerability Research Team™ (VRT)

Date: Wednesday, March 10th at 11:00 a.m. Eastern (EST)

http://bit.ly/dqOhTO

End of an era.

March 2, 2010 by theipsguy

IBM has announced it is dropping the IBM Internet Security Systems name, and all the security divisions will now be under IBM Security Services (I guess they didn’t want to get rid of the ISS acronym). X-Force will apparently be moved under IBM Research and ISS will be moved under the same group as the Tivoli products. This is the official end of an era. ISS was one of the first security companies and developed many innovative products, and the X-Force was the top research group in the field.

IBM has continued the majority of the product lines and has maintained X-Force, but it is not what it once was. This is the trend we have seen over the years, with the smaller innovative security companies being acquired by the larger players. We saw this with RSA and EMC, IBM and ISS, 3Com and TippingPoint, now HP. It seems the only ones not acquired were Symantec and McAfee, who have been the acquirers.

For IBM this change makes sense and most knew it would come. All security products and services are now under a single organization. This will likely allow them to reduce cost and better cross-sell their products.

Goodbye ISS!

Cabling an IPS

February 15, 2010 by theipsguy

One of the most confusing aspects of setting up an IPS can be the cabling. Different vendors have different cabling requirements, and in many organizations different teams control the different devices that may be connected to the IPS. Some vendors recommend using crossover cables when connecting devices such as firewalls and routers. This is not usually needed if you are configuring the interfaces to auto/auto. Most vendors support auto-MDIX, which automatically detects the cable type and configures the connection appropriately. This works as long as the interfaces' speed and duplex are set to auto/auto.

Problems can arise, though, when you use straight cables and then change the interfaces to a hard-set speed and duplex. What worked with auto/auto now does not work, and the interfaces do not connect, resulting in downtime. I have seen this happen in a production network and the result was not good.

One way to prevent this is to follow the cabling requirements as if the interfaces were hard set to a speed and duplex, even if they are left in auto/auto. If the interfaces are changed later, you should not have to change the cabling. If using auto/auto, make sure that the switch ports are configured to use PortFast. This ensures the ports reactivate quicker if they become connected, so any bypass units activate quicker and downtime is reduced.
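The failure described in this post, as an added sketch that is not from the original post: it audits a cabling plan for links that only come up because of auto-MDIX and would drop if the ports were later hard set. The port names and pinouts are constructed, and it assumes, as the post states, that auto-MDIX only operates while a port is left at auto/auto.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Port:
    name: str
    pinout: str      # "MDI" (typical router/firewall/host) or "MDIX" (typical switch)
    auto_mdix: bool  # hardware supports auto-MDIX
    autoneg: bool    # True = auto/auto, False = hard-set speed and duplex

@dataclass(frozen=True)
class Link:
    a: Port
    b: Port
    cable: str       # "straight" or "crossover"

def required_cable(link):
    """Without auto-MDIX, like pinouts need crossover, unlike pinouts need straight."""
    return "crossover" if link.a.pinout == link.b.pinout else "straight"

def link_up(link, force_hard_set=False):
    """True if the link can establish; force_hard_set models a later change
    of both ends to a fixed speed/duplex (assumed to disable auto-MDIX)."""
    if link.cable == required_cable(link):
        return True
    # Wrong cable for the pinouts: only auto-MDIX on at least one end rescues it.
    return any(p.auto_mdix and p.autoneg and not force_hard_set
               for p in (link.a, link.b))

def audit(links):
    """Return (link name, cable to use) for links that work today but would
    go down if the interfaces were hard set."""
    return [(f"{l.a.name}<->{l.b.name}", required_cable(l))
            for l in links
            if link_up(l) and not link_up(l, force_hard_set=True)]

# Constructed plan: an inline IPS between a firewall and a switch, all auto/auto.
# The IPS port pinout is a placeholder; take the real one from the vendor's docs.
FW = Port("fw-inside", "MDI", True, True)
IPS_A = Port("ips-1A", "MDI", True, True)
IPS_B = Port("ips-1B", "MDI", True, True)
SW = Port("core-sw-g0/1", "MDIX", True, True)
SAMPLE_LINKS = [Link(FW, IPS_A, "straight"), Link(IPS_B, SW, "straight")]

if __name__ == "__main__":
    for name, cable in audit(SAMPLE_LINKS):
        print(f"{name}: relies on auto-MDIX, recable with {cable}")
```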

Intrusion Prevention Summit

January 11, 2010 by theipsguy

There is an Intrusion Prevention Summit being hosted by BrightTalk beginning on January 12th. You can register at the link below. There are several interesting topics, including “The Value of IDS/IPS virtualization in Managed Services” and several other IPS-related talks.

http://www.brighttalk.com/summit/intrusionprevention

Added Juniper Visio Stencils and an IPS project plan

December 23, 2009 by theipsguy

Merry Christmas everyone!

I have added Juniper IPS Visio stencils to the download section. Also, as many of you know, managing a large IPS deployment can be a challenging task. I have uploaded a generic project plan that has been used as a starting point many times. I hope it helps; you can also find this in the download section.

Updated TippingPoint Visio Stencils

December 11, 2009 by theipsguy

I have updated the TippingPoint Visio stencils. This update included many more shapes and designs. I have combined both stencils into a single file for download.

Cisco releases an iPhone App of its own

December 4, 2009 by theipsguy

Cisco has joined Sourcefire in the iPhone app arena. Today I installed their app, which can be found on iTunes at the link below. It allows you to review Cisco Mitigation Bulletins, which are helpful if you use Cisco IPS and other products. It also pulls in news feeds on the latest security events and malware outbreaks. The feature I like the best, though I am not sure how useful it will be on an iPhone, is the ability to enter an IP address or domain name and receive its reputation.

http://itunes.apple.com/us/app/cisco-sio-to-go/id338613740?mt=8

There are some funny videos and other information at the site http://csioiphone.com/

Visio stencils for TippingPoint and Sourcefire now available

December 3, 2009 by theipsguy

I now have available for download the Sourcefire and TippingPoint Visio stencils. You can find them on my download page.

Visio Stencils for McAfee and IBM/ISS IPS devices now available for download.

November 20, 2009 by theipsguy

I now have available for download the McAfee and IBM/ISS Visio stencils. You can find them on my download page. I hope to post more over the next few weeks. If you have some, please send them to me.

HP acquires 3Com = HP acquires TippingPoint

November 13, 2009 by theipsguy

HP announced it will acquire 3Com, which means it will acquire TippingPoint. This will give HP a top-notch network intrusion prevention system. HP seems to want to be a security vendor, given its earlier acquisition of the WebInspect products, but it has not had a lot of success marketing its security solutions, so it is unclear how it will handle TippingPoint. When thinking of security, how many think of HP?

It also seems that HP’s primary goal in acquiring 3Com is not the IPS but the networking equipment that 3Com is known for. TippingPoint was treated very much like a separate company, and it is not clear if this will continue. This is somewhat similar to the IBM acquisition of ISS. IBM’s primary reason for the acquisition was to get the managed services business, and HP’s primary goal is likely to get the networking business, not the IPS business. If handled well, this could pose serious competition to Cisco’s products and their dominance.
