[ISN] Security UPDATE -- A New IPS Test Report -- February 16, 2005
isn at c4i.org
Thu Feb 17 04:43:58 EST 2005
1. In Focus: A New IPS Test Report
2. Security News and Features
- Recent Security Vulnerabilities
- Serious Flaws in Symantec and F-Secure Protection Products
- Microsoft Investigating Anti-Anti-Spyware Trojan
3. Security Matters Blog
- How to Detect Network Sniffers
4. Security Toolkit
- Security Forum Featured Thread
5. New and Improved
- A Faster IPS
==== 1. In Focus: A New IPS Test Report ====
by Mark Joseph Edwards, News Editor, mark at ntsecurity / net
You might recall that The NSS Group periodically releases in-depth
test reports that can be very useful to security administrators
looking for solutions. Over the past couple of years, I have written
twice about the group's product testing for Intrusion Detection
Systems (IDSs) and Intrusion Prevention Systems (IPSs). In my
September 24, 2003 article "Evaluating Intrusion Detection Systems,"
I wrote about the group's tests of IDSs for 10Mbps/100Mbps Ethernet
and Gigabit Ethernet networks. In my March 17, 2004
article "Evaluating Intrusion Prevention Systems," I wrote about the
group's tests of IPSs.
The NSS Group recently finished its second round of tests and has
made the results available online. According to the group,
testing "consists of seven sections within three primary areas:
performance and reliability, security accuracy, and usability." The
group also said that "the brand new test suite contains more than 800
individual tests, many of which are run multiple times, to provide
the most thorough and complete evaluation anywhere of IPS products
An interesting tidbit from the latest report is that nine vendors
signed up for the recent tests. However, four of the products didn't
make the cut during stringent testing, so the final report covers the
five remaining products. The current report includes detailed test
information about BroadWeb NetKeeper NK-3256T 3.6.0, Fortinet
FortiGate-800, SecureSoft Absolute IPS NP5G 1.1, Top Layer IPS 5500
3.3, and V-Secure V-100 7.0.
A couple of other interesting notes are related to performance.
During earlier tests, The NSS Group measured IDS and IPS top traffic-
processing speeds of 1Gbps to 2Gbps; this year, top speeds well
exceeded that threshold. So the group decided to launch a new
multigigabit IPS test later this year. Ten vendors have reportedly
already signed up for the next test.
It's also interesting to note that industry analysts had previously
claimed that IDS and IPS systems were things of the past. But
something is seriously wrong with that "analysis," because IDS and
IPS systems are still being used, and according to The NSS Group, the
number of available products has actually grown!
The group said that over the last year, it has improved the testing
suite and introduced a new methodology to conduct in-depth tests of
rate-based IPS systems, which gives a more accurate evaluation of
their capabilities as compared to the evaluation of content-based IPS
The report itself is great information for security administrators
looking for evaluations of prospective product choices. The report is
also valuable in that it offers details about the group's test
methodologies as well as about the hardware and software solutions
the group uses to conduct its tests.
As has been the case in the past, the results of the new report are
freely available at the group's Web site (see the first URL below).
If you missed the past reports, you can find those online too (see
the second URL below). If you want a copy of all reports on CD-ROM or
copies of selected reports in PDF format, you can purchase those at
the Web site.
Until next time, have a great week.
==== 2. Security News and Features ====
Recent Security Vulnerabilities
If you subscribe to this newsletter, you also receive Security
Alerts, which inform you about recently discovered security
vulnerabilities. You can also find information about these
Serious Flaws in Symantec and F-Secure Protection Products
Internet Security Systems (ISS) reported that its X-Force research
team has discovered a serious vulnerability in a Symantec parsing
engine that's used in several of the company's products. ISS X-Force
also discovered a critical flaw in F-Secure's antivirus and Internet
security products. The flaw is in the way the products scan files
that are compressed with ARJ compression.
Microsoft Investigating Anti-Anti-Spyware Trojan
by Paul Thurrott
Microsoft is investigating a new electronic attack that attempts
to disable the Microsoft AntiSpyware beta product so that it can
surreptitiously install spyware on users' systems.
==== 3. Security Matters Blog ====
by Mark Joseph Edwards, http://list.windowsitpro.com/t?ctl=21DF:4FB69
Check out this recent entry in the Security Matters blog:
How to Detect Network Sniffers
I found a new free tool that can help detect network sniffers on
your network. The new tool, Promqry 1.0, was developed by Tim Rains
==== 4. Security Toolkit ====
by John Savill, http://list.windowsitpro.com/t?ctl=21DB:4FB69
Q. How can I enable complex passwords on my Windows Server 2003
Active Directory (AD) domain?
Find the answer at http://list.windowsitpro.com/t?ctl=21D6:4FB69
Security Forum Featured Thread: Monitoring File System Changes
Jay wonders whether there's a utility that can monitor for file
system changes when an application is installed. Jay wants to be able
to detect all the files that have been added, deleted, or changed
during the installation process. Join the discussion at
==== 5. New and Improved ====
by Renee Munshi, products at windowsitpro.com
A Faster IPS
TippingPoint, a division of 3Com, announced that the TippingPoint
5000E Intrusion Prevention System (IPS), which can perform total
packet inspection at 5Gbps with real-world traffic, will ship next
month. TippingPoint claims that the 5Gbps throughput rate is "more
than double any other IPS's maximum rated throughput." TippingPoint
5000E comes with eight Gigabit Ethernet ports able to protect four
network segments. The TippingPoint product line is automatically kept
up-to-date through the Digital Vaccine service to protect against the
latest worms, viruses, Trojan horses, Denial of Service (DoS)
attacks, spyware, and Voice over IP (VoIP) threats. For more
information about TippingPoint 5000E, go to
Tell Us About a Hot Product and Get a T-Shirt!
Have you used a product that changed your IT experience by saving
you time or easing your daily burden? Tell us about the product, and
we'll send you a T-shirt if we write about the product in a future
Windows IT Pro What's Hot column. Send your product suggestions with
information about how the product has helped you to
whatshot at windowsitpro.com.
Editor's note: Share Your Security Discoveries and Get $100
Share your security-related discoveries, comments, or problems and
solutions in the Security Administrator print newsletter's Reader to
Reader column. Email your contributions (500 words or less) to
r2rsecadmin at windowsitpro.com. If we print your submission, you'll get
$100. We edit submissions for style, grammar, and length.
==== Contact Us ====
About the newsletter -- letters at windowsitpro.com
About technical questions -- http://list.windowsitpro.com/t?ctl=21E1:4FB69
About product news -- products at windowsitpro.com
About your subscription -- windowsitproupdate at windowsitpro.com
About sponsoring Security UPDATE -- emedia_opps at windowsitpro.com
This email newsletter is brought to you by Security Administrator,
the leading publication for IT professionals securing the Windows
enterprise from external intruders and controlling access for
internal users. Subscribe today.
Windows IT Pro, a division of Penton Media, Inc.
221 East 29th Street, Loveland, CO 80538
Attention: Customer Service Department
Copyright 2005, Penton Media, Inc. All rights reserved.