Saint Louis Metropolitan area Phone: 314-504-3974 Tony Zafiropoulos
Book on Innovating with IT - Tony Zafiropoulos 8/1/2009 -- will update this very soon in the next couple of weeks by Oct 2011. --- TonyZ Resume
LinkedIn profile --- Twitter Feed Fixvirus

This picture shows the different philosophies of where to place the IPS device:

This is a Corero image; on the left is the Corero method of installing an IPS (before the firewall).

10/12/2011


Corero's IPS solution has an interesting take on where the IPS should be placed.

Corero believes their IPS should be placed outside of the firewall, in between the firewall and the ISP router.

Many other professionals I have talked to believe this creates too high a level of exposure; I guess we believe in the firewall acting as the perimeter defense.

10/11/2011


Check Point has an IPS/firewall unit at this link.

The UTM-1 Edge N Series has 6 ports and 1Gbps throughput at about $700; it seems to be a decent system for a small business with a small budget.

10/10/2011


Microsoft Security Advance Bulletin Link
Three business days before Patch Tuesday (the 2nd Tuesday of the month) the advance bulletin explains what will be updated (on 10/11/11).

From Microsoft links:

Bulletin ID   Maximum Severity Rating   Vulnerability Impact     Affected Software
Bulletin 1    Critical                  Remote Code Execution    Microsoft .NET Framework, Microsoft Silverlight
Bulletin 2    Critical                  Remote Code Execution    Microsoft Windows, Internet Explorer
Bulletin 3    Important                 Remote Code Execution    Microsoft Windows
Bulletin 4    Important                 Remote Code Execution    Microsoft Windows
Bulletin 5    Important                 Remote Code Execution    Microsoft Windows
Bulletin 6    Important                 Remote Code Execution    Microsoft Forefront Unified Access Gateway
Bulletin 7    Important                 Elevation of Privilege   Microsoft Windows
Bulletin 8    Important                 Denial of Service        Microsoft Host Integration Server

    Always good to know what is coming in a few days. These patches must be applied to prevent the vulnerabilities in the code from being exploited.

    10/06/2011


    In choosing an Intrusion Prevention System keep the following 7 things in mind:
    1) Placing the IPS in the right place is very important (behind a firewall): it has to see a significant chunk of traffic in order to inspect and protect your network.

    2) Set up or configure the IPS with the proper tuning parameters, which depend on your network configuration (protecting a web server farm, for example).

    3) Keep in mind the availability of your network, as the IPS can have problems as well (IBM's IPS had bypass units). In case of a reboot or other issue, what should the network availability be?

    4) Create a way to test new blocking parameters before using them on the production network environment.

    5) Training and testing on the IPS is useful and even mandatory in today's network needs.

    6) Frequent upgrades require testing in a test environment. This may be expensive but is necessary, as the systems need proper vetting before trying new tags and blocking tests.

    7) Process improvements are necessary: keep improving the train, test, and production implementation.
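Points 2, 4 and 6 above amount to one workflow: a new blocking signature is first run in log-only mode against traffic from the test environment, and only promoted to blocking once it has been shown not to fire on known-good traffic. The following is an added illustration of that staged rollout, written for this page and not code from any IPS vendor; the `Rule` class, the regex-based matching and the labelled `REPLAY` traffic are constructed assumptions standing in for a real capture.

```python
import re
from dataclasses import dataclass


@dataclass
class Rule:
    """One blocking signature. Every new rule starts in 'monitor' mode
    (log only) and is switched to 'block' only after it has been vetted
    against recorded traffic from the test environment."""
    name: str
    pattern: str           # regex applied to the request payload
    mode: str = "monitor"  # 'monitor' or 'block'


# Constructed replay set standing in for a capture from the test network.
# Each entry is (payload, known_malicious); the labels are assumptions.
REPLAY = [
    ("GET /index.html HTTP/1.1", False),
    ("GET /search?q=../../etc/passwd HTTP/1.1", True),
    ("POST /login user=bob&pass=hunter2", False),
    ("GET /cgi-bin/test.cgi?cmd=;id HTTP/1.1", True),
    ("GET /docs/passwd-policy.pdf HTTP/1.1", False),
]


def evaluate(rule, replay):
    """Dry-run a rule over labelled replay traffic.
    Returns (true_positives, false_positives, false_negatives)."""
    rx = re.compile(rule.pattern)
    tp = fp = fn = 0
    for payload, malicious in replay:
        hit = rx.search(payload) is not None
        if hit and malicious:
            tp += 1
        elif hit and not malicious:
            fp += 1
        elif malicious:
            fn += 1
    return tp, fp, fn


def promote(rule, replay, max_false_positives=0):
    """Promote a rule from 'monitor' to 'block' only if the replay shows it
    catches something and fires on known-good traffic no more than
    max_false_positives times. Returns the resulting mode."""
    tp, fp, _ = evaluate(rule, replay)
    rule.mode = "block" if tp > 0 and fp <= max_false_positives else "monitor"
    return rule.mode


def inspect(payload, rules):
    """In-line decision for one payload: 'block' if any block-mode rule
    matches, 'alert' if only monitor-mode rules match, otherwise 'pass'."""
    decision = "pass"
    for rule in rules:
        if re.search(rule.pattern, payload):
            if rule.mode == "block":
                return "block"
            decision = "alert"
    return decision


def staged_rollout(rules, replay=REPLAY):
    """Vet every candidate rule against the replay; returns {name: mode}."""
    return {rule.name: promote(rule, replay) for rule in rules}


if __name__ == "__main__":
    candidates = [
        Rule("passwd-anywhere", r"passwd"),   # too broad: also hits the policy PDF
        Rule("path-traversal", r"\.\./"),
        Rule("cmd-injection", r"[?&]cmd=;"),
    ]
    print(staged_rollout(candidates))
    for payload, _ in REPLAY:
        print(inspect(payload, candidates), payload)
```

The overly broad `passwd-anywhere` rule stays in monitor mode because it matches a legitimate document name, so in production it only raises an alert while the two precise rules actually drop traffic; the replay set is what makes that difference visible before anything reaches the live link.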

    10/05/2011


    TippingPoint is HP's line of Intrusion Prevention Systems.

    The N platform bundles have 10Gbps throughput capabilities.

    HP has not mentioned that it would get out of this business (unlike their PC line).

    The technical datasheet for HP TippingPoint.

    10/04/2011


    Sourcefire is another company that makes IPS units. Of course Snort is also on their site, as they are involved in the open source Snort IDS project.

    I used Snort almost right after it was put together (in 1998 by Martin Roesch); around 2000 I downloaded it and ran a honeypot on my network.

    10/01/2011


    McAfee IPS systems website link

    A little snippet from the McAfee datasheet:

    Protect your systems

    • Proactive protection for unpatched systems
    • Proactive protection for zero-day attacks
    • System-aware intrusion prevention system (IPS) with McAfee ePO integration
    • Host IPS/virus/spyware event visibility

    09/28/2011


    Here is the Juniper Networks IPS products page.

    Juniper product IDP800:

    I am including this since it is the comparison point for the GX5 series from IBM (IDP800 specs), with 1Gbps throughput.

    09/26/2011


    Very important link to read through: SANS.org IPS Intrusion FAQ

    About the different IPS systems from 6 different vendors: Cisco, McAfee, Juniper, IBM, Sourcefire and TippingPoint.

    This is definitely an interesting sentence: "These same six providers also rank highest in terms of their effectiveness on the latest Gartner report, although Cisco and IBM are considered to be challengers to the market led by the other four vendors."

    So it definitely should be read as a good overview.

    09/25/2011


    Here is a link to one of the Cisco IPS systems:
    Cisco IPS solutions

    The National Institute of Standards and Technology has a paper on IPS systems: NIST paper

    09/24/2011


    This is a picture of a racked GX5008 and bypass unit; the bypass sits on top of the IPS in the rack.

    Notice that the lower green cables on the bypass (the application ports) connect to the IPS.
    The upper cables are the network side and connect to the two devices whose traffic the IPS will inspect.
    The bypass device is there to ensure uptime for the inspected network link. In case the GX5008 IPS has a serious problem, there is a physical 'bypass': it will of course not inspect any traffic, but there is no downtime for your network link.
    When rebooting the GX5008 there will be a momentary loss of network as the bypass takes over, but the network will come back in seconds.

    Some of the newer units like the GX6116 (16 interfaces, or 8 links) have a built-in bypass, and 5Gbps processing capacity.
    For comparison the GX5008 has 1Gbps, and the GX4004 has 200Mbps throughput.
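The trade-off in the bypass arrangement above (and in point 3 of the IPS checklist further down the page) is that while the IPS is rebooting the link stays up but nothing is inspected. The model below is an added illustration of that fail-open behaviour, written for this page and not IBM or bypass-vendor code; the heartbeat/timeout mechanism, the reboot window, the toy `ips()` signature check and the constructed packets are all assumptions. It also shows the fail-closed alternative side by side, which the page only alludes to as the availability question.

```python
from dataclasses import dataclass, field
from typing import List, Optional, Tuple


@dataclass
class BypassUnit:
    """Model of an external bypass in front of an in-line IPS. The IPS sends a
    heartbeat; if none arrives within `timeout` seconds the relay switches the
    link to pass-through. fail_mode='open' keeps the link up but uninspected
    (the GX5008 arrangement); fail_mode='closed' drops traffic instead."""
    timeout: float = 2.0
    fail_mode: str = "open"
    last_heartbeat: Optional[float] = None
    state: str = "inspect"
    transitions: List[Tuple[float, str, str]] = field(default_factory=list)

    def heartbeat(self, now: float) -> None:
        self.last_heartbeat = now

    def _update(self, now: float) -> None:
        healthy = (self.last_heartbeat is not None
                   and now - self.last_heartbeat <= self.timeout)
        if healthy:
            new_state = "inspect"
        elif self.fail_mode == "open":
            new_state = "bypass"
        else:
            new_state = "down"
        if new_state != self.state:
            self.transitions.append((now, self.state, new_state))
            self.state = new_state

    def forward(self, now, packet, ips):
        """Forward one packet at time `now`. Returns (delivered, inspected)."""
        self._update(now)
        if self.state == "inspect":
            return ips(packet), True   # ips() returns False when it blocks
        if self.state == "bypass":
            return True, False         # link up, nothing inspected
        return False, False            # fail-closed: link down


def toy_ips(packet: str) -> bool:
    """Constructed stand-in for the IPS decision: drop anything marked 'evil'."""
    return "evil" not in packet


def simulate(fail_mode="open", reboot=(5, 9), timeout=2.0):
    """Drive one packet per second for t = 0..14. During [reboot[0], reboot[1])
    the IPS is rebooting and sends no heartbeats; a constructed hostile packet
    arrives at t = 7. Returns per-second (t, state, delivered, inspected)."""
    unit = BypassUnit(timeout=timeout, fail_mode=fail_mode)
    timeline = []
    for t in range(15):
        if not (reboot[0] <= t < reboot[1]):
            unit.heartbeat(t)
        packet = "evil payload" if t == 7 else "normal traffic"
        delivered, inspected = unit.forward(t, packet, toy_ips)
        timeline.append((t, unit.state, delivered, inspected))
    return timeline


def uninspected_seconds(timeline):
    """Seconds in which traffic crossed the link without being inspected."""
    return [t for t, _, delivered, inspected in timeline
            if delivered and not inspected]


if __name__ == "__main__":
    for mode in ("open", "closed"):
        tl = simulate(mode)
        print(mode, "uninspected seconds:", uninspected_seconds(tl),
              "link down seconds:", [t for t, _, d, _ in tl if not d])
```

With fail-open the link never drops, but the hostile packet at t = 7 crosses uninspected; with fail-closed nothing uninspected gets through, at the cost of the link being down for the whole reboot. The model does not include the brief relay switch-over the page mentions; it only shows which seconds are exposed under each policy.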

    9/18/2011


    Here is a picture of one of the IPS systems I was working with:

    Here is a wholesaler who sells GX4004 Proventia systems Proventiaworks.

    The system is actually one of the smaller systems, and only has copper interfaces. So if you need fiber, you have to go with the GX5000 series systems, which come in many different flavors.
    I also worked with the GX5008, GX5108, and GX5208 systems.

    9/14/2011


    I am a member of ISACA.org, an auditing organization, formerly the Information Systems Audit and Control Association.
    The organization's history link.

    There was an interesting Oracle presentation at SecureWorld Expo at America's Center, downtown Saint Louis.

    9/12/2011


    I recently purchased an Evo Shift (an Android based smartphone). With this purchase I looked into how to back up the phone data. I know the purchased apps get repopulated, as they are connected to your Google account.

    Since SMS messages do not get backed up, consider getting the SMS Backup application, which backs up your SMS messages to your Google account.
    Another app, if you want to transfer your current SMS messages to another phone (in case of an upgrade or a replacement), is SMS Backup and Restore.
    09/05/2011



    I have been busy with a long project for an unnamed company:

    Managing Proventia Network Intrusion Prevention Systems (NIPS) by ISS (Internet Security Systems). Actually IBM has purchased ISS, so these are IBM devices now.

    Essentially these are inline network devices; they inspect all network traffic at layer 2.

    They run Linux CentOS, with a proprietary software system for the inline network inspection.
    Here is a reseller with the GX5108, which can inspect more than 1GB/s: ProventiaWorks.com
    Tony Zafiropoulos
    1/29/11

    Moved all of the 2009 and 2010 posts to the following page: 2009 - 2010


    Innovator's Dilemma graph:


    Notice that the disruptive technology starts out at a lower market capability than the established line, but it too will rise.

    The key is to find a market at the lower levels with the future in mind.
    Of course it is easier said than done, and depends on your budget, but the rewards can be immense.

    See below for a recent post with more information on the book The Innovator's Dilemma.



    Woman finds error in TurboTax
    From a story in Firstcoastnews.com (NBC): OMAHA, NE -- A woman recently discovered a shocking flaw with a website thousands of people use to prepare their taxes.
    Instead of taking advantage of this potential gold mine for identity thieves, she is calling attention to it to protect other taxpayers.
    Very interesting: who knows how many people were hacked by this flaw? (TonyZ 4/12/2007)



    Old fixvirus.com webpage - as it looked 05/09/2007

    Symantec Hoax list: Do not propagate the hoax 'warnings'. When receiving an email to send to 10 friends check this list first.

    McAfee virus list - includes virus map

    An excellent explanation of the benefits of Open Source: www.theaceorb.com benefits page. Just checked it out, and it is still a very good reference on how open source programming works ;). 03/2/2006 TonyZ


    Control/politics review: Open Source technologies allow businesses to take control of their destiny. You are not dependent on the vendor getting features installed that are important to your business.

    The Business case for Open Source

    SANS Institute incidents.org CID: Consensus Intrusion Database
    SANS.org is an excellent group that looks at many security related issues... CID gives a snapshot of current hacker / worm activity on the net.

    Anti-Virus centers that we use to control viruses.
    McAfee Virus Information Library
    This database contains information on more than 50,000 known viruses, including how they work and how to kill them.
    Symantec AntiVirus Research Center
    Symantec's security update web page - extensive resources and latest information on viruses on the Internet.

    Washington Post Chronological History of the Computer Virus

    Email the webmaster design@ctitek.com with any ideas or comments :).