Building the Case for Intrusion Prevention

With the myriad of ‘trendy’ security topics taking the spotlight today, it is critical that organizations continue to focus on core network security, namely intrusion prevention, which is one of the most effective methods for securing the enterprise.

Please join DG Technology for an online briefing on:
• Do businesses need Intrusion Prevention Systems (“IPS”)?
• If so, what’s the best way to evaluate potential IPS vendors?
• Which vendor should you select for your IPS requirements?

Join us for this webinar. https://www3.gotomeeting.com/register/206228382

Virtual IPS vs. Virtualized IPS

Virtualization is a top priority for most organizations today. Security of these virtualized environments should also be a top priority, and in the Intrusion Prevention market most vendors are developing or have developed virtual or virtualized solutions.

The terms virtual IPS and virtualized IPS have different meanings, and I want to take some time to attempt to differentiate these terms. Most vendors have had virtual IPS for many years. Virtual IPS is the ability to apply different policies to certain types of traffic. This could be done using VLAN tags or physical interfaces. IBM does this using the Protection Domains feature, which allows a different policy to be deployed to different VLANs. McAfee does this by allowing different policies to be assigned to physical interfaces and can also apply policies based on VLAN tags.

Virtualized IPS is what most of us think of today when we discuss virtualization. Virtualized IPS is an IPS appliance that runs in a virtual environment such as VMware, Xen or Microsoft’s Hyper-V. The IPS is installed as a virtual server and can be configured so that all server-to-server traffic inside and outside the virtual environment can be monitored by an IPS.

It is important to be clear on these differences in terminology because not all vendors have virtualized IPS, and most salespeople will not know enough to properly answer the question, “Do you support virtualization?” Most will say yes, because they have heard their support teams talk about virtual IPS, not virtualized IPS. Virtualized IPS will continue to grow in importance, and eventually all the major Intrusion Prevention vendors will have these offerings. Until then, do your homework and hold the vendors accountable.

Errors with McAfee Endpoint Encryption

I have a client that is deploying McAfee Endpoint Encryption, formerly known as SafeBoot. The product integrates with Active Directory, and the newest version can be managed through the ePO management console. Overall, the product has experienced a number of problems. Most of these problems are documented and can be mitigated by defragmenting the disk or removing software that replaces the MSGINA, such as the HP Protect Tools.

The one problem that they have not been able to correct, though, is the “Sector Chain is Invalid” error. This error generally happens right after installation but can happen at any time. According to the support engineers I have spoken to, the machine is generally unable to be recovered! This is a serious problem that McAfee seems to not be addressing. They have said they are unable to replicate the problem, but this issue has been brought up multiple times in different forums going back to 2008.

Come on, McAfee, you need to fix this problem. You supposedly have hundreds of thousands of customers and you make the encryption used by the HP Protect Tools. You can fix this and need to ASAP.

HP Forums

http://bit.ly/dalIDD

McAfee Knowledgebase Article

http://bit.ly/dCeL2q

Intrusion Prevention Cabling

As a follow-up to my previous post on cabling an IPS, I have attached an example that I have seen be successful. This example is specific to a McAfee M2750 device and assumes interfaces that are hard set. Note that the actual firewall and LAN switch are using straight cables and not cross-over. The only cross-over is placed between the fail-open kit and the IPS.

Visio Stencils for McAfee and IBM/ISS IPS devices now available for download.

I now have available for download the McAfee and IBM/ISS Visio Stencils. You can find them on my download page. I hope to post more over the next few weeks. If you have some, please send them to me.

McAfee and IBM Comparison

IBM
Device
GX4004
GX5008
GX5108
GX5208