[ISN] Security UPDATE -- A New IPS Test Report -- February 16, 2005

InfoSec News isn at c4i.org
Thu Feb 17 04:43:58 EST 2005



1. In Focus: A New IPS Test Report

2. Security News and Features
   - Recent Security Vulnerabilities
   - Serious Flaws in Symantec and F-Secure Protection Products
   - Microsoft Investigating Anti-Anti-Spyware Trojan

3. Security Matters Blog
   - How to Detect Network Sniffers

4. Security Toolkit
   - FAQ
   - Security Forum Featured Thread

5. New and Improved
   - A Faster IPS




==== 1. In Focus: A New IPS Test Report ====
   by Mark Joseph Edwards, News Editor, mark at ntsecurity / net

You might recall that The NSS Group periodically releases in-depth 
test reports that can be very useful to security administrators 
looking for solutions. Over the past couple of years, I have written 
twice about the group's product testing for Intrusion Detection 
Systems (IDSs) and Intrusion Prevention Systems (IPSs). In my 
September 24, 2003 article "Evaluating Intrusion Detection Systems," 
I wrote about the group's tests of IDSs for 10Mbps/100Mbps Ethernet 
and Gigabit Ethernet networks. In my March 17, 2004 
article "Evaluating Intrusion Prevention Systems," I wrote about the 
group's tests of IPSs. 

The NSS Group recently finished its second round of tests and has 
made the results available online. According to the group, 
testing "consists of seven sections within three primary areas: 
performance and reliability, security accuracy, and usability." The 
group also said that "the brand new test suite contains more than 800 
individual tests, many of which are run multiple times, to provide 
the most thorough and complete evaluation anywhere of IPS products 
available today." 

An interesting tidbit from the latest report is that nine vendors 
signed up for the recent tests. However, four of the products didn't 
make the cut during stringent testing, so the final report covers the 
five remaining products. The current report includes detailed test 
information about BroadWeb NetKeeper NK-3256T 3.6.0, Fortinet 
FortiGate-800, SecureSoft Absolute IPS NP5G 1.1, Top Layer IPS 5500 
3.3, and V-Secure V-100 7.0. 

A couple of other interesting notes are related to performance. 
During earlier tests, The NSS Group measured IDS and IPS top traffic-
processing speeds of 1Gbps to 2Gbps; this year, top speeds well 
exceeded that threshold. So the group decided to launch a new 
multigigabit IPS test later this year. Ten vendors have reportedly 
already signed up for the next test. 

It's also interesting to note that industry analysts had previously 
claimed that IDS and IPS systems were things of the past. But 
something is seriously wrong with that "analysis," because IDS and 
IPS systems are still being used, and according to The NSS Group, the 
number of available products has actually grown! 

The group said that over the last year, it has improved the testing 
suite and introduced a new methodology to conduct in-depth tests of 
rate-based IPS systems, which gives a more accurate evaluation of 
their capabilities as compared to the evaluation of content-based IPS 

The report itself is great information for security administrators 
looking for evaluations of prospective product choices. The report is 
also valuable in that it offers details about the group's test 
methodologies as well as about the hardware and software solutions 
the group uses to conduct its tests. 

As has been the case in the past, the results of the new report are 
freely available at the group's Web site (see the first URL below). 
If you missed the past reports, you can find those online too (see 
the second URL below). If you want a copy of all reports on CD-ROM or 
copies of selected reports in PDF format, you can purchase those at 
the Web site.

Until next time, have a great week. 




==== 2. Security News and Features ====

Recent Security Vulnerabilities
   If you subscribe to this newsletter, you also receive Security 
Alerts, which inform you about recently discovered security 
vulnerabilities. You can also find information about these 
discoveries at

Serious Flaws in Symantec and F-Secure Protection Products
   Internet Security Systems (ISS) reported that its X-Force research 
team has discovered a serious vulnerability in a Symantec parsing 
engine that's used in several of the company's products. ISS X-Force 
also discovered a critical flaw in F-Secure's antivirus and Internet 
security products. The flaw is in the way the products scan files 
that are compressed with ARJ compression.

Microsoft Investigating Anti-Anti-Spyware Trojan
   by Paul Thurrott
   Microsoft is investigating a new electronic attack that attempts 
to disable the Microsoft AntiSpyware beta product so that it can 
surreptitiously install spyware on users' systems. 




==== 3. Security Matters Blog ====
   by Mark Joseph Edwards, http://list.windowsitpro.com/t?ctl=21DF:4FB69

Check out this recent entry in the Security Matters blog:

How to Detect Network Sniffers
   I found a new free tool that can help detect network sniffers on 
your network. The new tool, Promqry 1.0, was developed by Tim Rains 
at Microsoft. 

==== 4. Security Toolkit ====

FAQ
   by John Savill, http://list.windowsitpro.com/t?ctl=21DB:4FB69

Q. How can I enable complex passwords on my Windows Server 2003 
Active Directory (AD) domain? 

Find the answer at http://list.windowsitpro.com/t?ctl=21D6:4FB69

Security Forum Featured Thread: Monitoring File System Changes
   Jay wonders whether there's a utility that can monitor for file 
system changes when an application is installed. Jay wants to be able 
to detect all the files that have been added, deleted, or changed 
during the installation process. Join the discussion at




==== 5. New and Improved ====
   by Renee Munshi, products at windowsitpro.com

A Faster IPS
   TippingPoint, a division of 3Com, announced that the TippingPoint 
5000E Intrusion Prevention System (IPS), which can perform total 
packet inspection at 5Gbps with real-world traffic, will ship next 
month. TippingPoint claims that the 5Gbps throughput rate is "more 
than double any other IPS's maximum rated throughput." TippingPoint 
5000E comes with eight Gigabit Ethernet ports able to protect four 
network segments. The TippingPoint product line is automatically kept 
up-to-date through the Digital Vaccine service to protect against the 
latest worms, viruses, Trojan horses, Denial of Service (DoS) 
attacks, spyware, and Voice over IP (VoIP) threats. For more 
information about TippingPoint 5000E, go to

Tell Us About a Hot Product and Get a T-Shirt!
   Have you used a product that changed your IT experience by saving 
you time or easing your daily burden? Tell us about the product, and 
we'll send you a T-shirt if we write about the product in a future 
Windows IT Pro What's Hot column. Send your product suggestions with 
information about how the product has helped you to 
whatshot at windowsitpro.com.

Editor's note: Share Your Security Discoveries and Get $100
   Share your security-related discoveries, comments, or problems and 
solutions in the Security Administrator print newsletter's Reader to 
Reader column. Email your contributions (500 words or less) to 
r2rsecadmin at windowsitpro.com. If we print your submission, you'll get 
$100. We edit submissions for style, grammar, and length.



==== Contact Us ==== 

About the newsletter -- letters at windowsitpro.com
About technical questions -- http://list.windowsitpro.com/t?ctl=21E1:4FB69
About product news -- products at windowsitpro.com
About your subscription -- windowsitproupdate at windowsitpro.com
About sponsoring Security UPDATE -- emedia_opps at windowsitpro.com


This email newsletter is brought to you by Security Administrator, 
the leading publication for IT professionals securing the Windows 
enterprise from external intruders and controlling access for 
internal users. Subscribe today.


Windows IT Pro, a division of Penton Media, Inc.
221 East 29th Street, Loveland, CO 80538
Attention: Customer Service Department

Copyright 2005, Penton Media, Inc. All rights reserved.
