Thinking about 10 gig IPS
I have been looking at 10 gig solutions for IPS and I have to say there is a wide difference in the way the different vendors are doing this.
IBM
The Network Security Controller allows two 10 gigabit networks to be connected in an active/passive configuration. You then connect the copper IPS devices to the controller, and the controller spreads the load among the connected IPS devices. This gives the IPS the ability to inspect up to 10 Gbps of traffic, assuming the IPS devices connected to it can inspect up to 10 Gbps. The GX6116 has an inspected throughput of 6 Gbps. IBM has no native 10 gigabit interfaces on its IPS devices.
McAfee
McAfee offers two devices with 10 gigabit interfaces. The M8000 has twelve 10 gigabit Ethernet ports and a maximum throughput of 10 Gbps; the M6050 has eight 10 gigabit Ethernet ports with a maximum throughput of 5 Gbps.
Sourcefire
Sourcefire has the 3D9800, with four fiber 10 Gbps interfaces and up to 10 Gbps line speed, and the 3D9900, with four 10 Gbps SR interfaces. The line speed is up to 10 Gbps.
TippingPoint
The TippingPoint Core Controller has six 10 Gbps Ethernet interfaces (3 segments). This is similar in design to the IBM solution. The controller distributes the load across the connected backend IPS devices. The total inspected bandwidth is dependent on the backend IPS devices.
July Microsoft Security Bulletins
July 14, 2009 by theipsguy
Here is the breakdown from some of the IPS vendors.
TippingPoint Digital Vaccine 7739
| Bulletin # | TippingPoint Filter # |
|---|---|
| MS09-028 | 8196*, 8302, 8307 |
| MS09-029 | 4062* |
| MS09-030 | 8306 |
| MS09-031 | 8305 |
| MS09-032 | 8296*, 8317 |
| KB973472 | 8322 |
Cisco S414
| Signature ID | Signature name | Engine |
|---|---|---|
| 19383 | DirectX Size Validation Vulnerability | string-tcp |
| 19384 | DirectX Pointer Validation Vulnerability | meta |
| 19384.1 | DirectX Pointer Validation Vulnerability | multi-string |
| 19384.2 | DirectX Pointer Validation Vulnerability | string-tcp |
| 19401 | Microsoft Publisher File Parsing Vulnerability | string-tcp |
| 19339.1 | Microsoft DirectShow msvidctl.dll Code Execution | string-tcp |
| 19339.6 | Microsoft DirectShow msvidctl.dll Code Execution | string-tcp |
| 19339.7 | Microsoft DirectShow msvidctl.dll Code Execution | string-tcp |
| 19339.8 | Microsoft DirectShow msvidctl.dll Code Execution | string-tcp |
| 19339.9 | Microsoft DirectShow msvidctl.dll Code Execution | string-tcp |
| 19339.2 | Microsoft DirectShow msvidctl.dll Code Execution | string-tcp |
| 19339.3 | Microsoft DirectShow msvidctl.dll Code Execution | string-tcp |
| 19339.4 | Microsoft DirectShow msvidctl.dll Code Execution | string-tcp |
| 19339.5 | Microsoft DirectShow msvidctl.dll Code Execution | string-tcp |
IBM/ISS
MS09-029, MS09-028:
Proventia Network IDS XPU 29.070
Proventia Network IPS XPU 29.070
Proventia Network MFS XPU 29.070
Proventia Server IPS for Linux technology 29.070
Proventia Server IPS for Microsoft Windows technology 1.0.914.2410
Proventia Server IPS for Microsoft Windows technology 2.0.300.2410
Proventia-G 1.1 and earlier XPU 29.070
RealSecure Network XPU 29.070
RealSecure Server Sensor XPU 29.070
Welcome
July 13, 2009 by theipsguy
Hello,
This is the first post on the Intrusion Detection and Prevention blog. I plan to post information relating to these technologies, the vendors, etc. I hope you find it useful and interesting.
July 13, 2009 by theipsguy
Today Microsoft released a bulletin for the Office Web Components. Below is a link to the advisory. I wanted to see what the IPS vendors have available to detect/prevent the exploitation of this vulnerability.
I will update the list as I identify vendors with signatures. If you know of any vendors I have not listed, let me know.
Cisco: released Signature Update S413
http://www.microsoft.com/technet/security/advisory/973472.mspx
