Some time ago I did a little survey on this.
Most of the leading vendors put a lot of energy in building up "real" IPv6 support. Some of them actually do a nice job by now (supporting fragmentation and extension headers). Of course there is still a lot of r&d to do. In the end, it all comes down to signatures (reputation isn't a big issue right now, due to the lack of proliferation of IPv6). There, ratios of big vendors are between 20 and 60% of IPv6 signatures, compared to IPv4 signatures. They add, of course, support of IPv6 with the demand for it, which is still low but constantly rising. They try to have a solution ready when the big run (and thus, the big money) on IPv6 sets in.
Cheers,
Stefan
-----Ursprüngliche Nachricht-----
Von: listbounce (at) securityfocus (dot) com [email concealed] [mailto:listbounce (at) securityfocus (dot) com [email concealed]] Im Auftrag von Mrs. Y.
Gesendet: Mittwoch, 30. Mai 2012 20:44
An: security-basics (at) securityfocus (dot) com [email concealed]
Betreff: Re: Internal Intrusion Detection/Prevention -- High Throughput -- Snort/Cisco/Others?
You know, I keep *hearing* about "full IPv6 support" from security vendors. I would like to see what these pricey vendor solutions do up against a full IPv6 network fuzzer. Once you fragment or add multiple extension headers, I understand they crap themselves.
On 5/30/2012 1:37 PM, Jerry Fraizer wrote:
> TippingPoint is a great solution for IPS/IDS.
>
> IPv6 is fully supported, TippingPoint has a false positive rate lower than any other product in the space, TippingPoint is designed to be placed in-line to actively mitigate threats. TP is super low latency. To top it off the administrative burden is a fraction of other solutions.
>
> Jerry Fraizer, CEH
>
> On May 30, 2012, at 9:54 AM, Henri Salo<henri (at) nerv (dot) fi [email concealed]> wrote:
>
>> On Wed, May 30, 2012 at 09:49:37AM -0400, Jon D wrote:
>>> I'm curious what other people have found to be good fits product
>>> wise for internal IDS.
>>> Say if you want to monitor a handful of high bandwidth servers on
>>> the inside network without spending a fortune.
>>>
>>> I was thinking about using a Cisco IDS, but they're a little pricey
>>> for high bandwidth models.
>>>
>>>
>>> Any thoughts?
>>>
>>>
>>>
>>> Thanks,
>>> Jon
>>
>> Sourcefire. They really are worth of the money.
>>
>> - Henri Salo
>>
>> ---------------------------------------------------------------------
>> --- Securing Apache Web Server with thawte Digital Certificate In
>> this guide we examine the importance of Apache-SSL and who needs an SSL certificate. We look at how SSL works, how it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates.
>>
>> http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be
>> 442f727d1
>> ---------------------------------------------------------------------
>> ---
>>
>
> ----------------------------------------------------------------------
> -- Securing Apache Web Server with thawte Digital Certificate In this
> guide we examine the importance of Apache-SSL and who needs an SSL certificate. We look at how SSL works, how it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates.
>
> http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be4
> 42f727d1
> ----------------------------------------------------------------------
> --
>
Securing Apache Web Server with thawte Digital Certificate In this guide we examine the importance of Apache-SSL and who needs an SSL certificate. We look at how SSL works, how it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates.
Securing Apache Web Server with thawte Digital Certificate
In this guide we examine the importance of Apache-SSL and who needs an SSL certificate. We look at how SSL works, how it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates.
Most of the leading vendors put a lot of energy in building up "real" IPv6 support. Some of them actually do a nice job by now (supporting fragmentation and extension headers). Of course there is still a lot of r&d to do. In the end, it all comes down to signatures (reputation isn't a big issue right now, due to the lack of proliferation of IPv6). There, ratios of big vendors are between 20 and 60% of IPv6 signatures, compared to IPv4 signatures. They add, of course, support of IPv6 with the demand for it, which is still low but constantly rising. They try to have a solution ready when the big run (and thus, the big money) on IPv6 sets in.
Cheers,
Stefan
-----Ursprüngliche Nachricht-----
Von: listbounce (at) securityfocus (dot) com [email concealed] [mailto:listbounce (at) securityfocus (dot) com [email concealed]] Im Auftrag von Mrs. Y.
Gesendet: Mittwoch, 30. Mai 2012 20:44
An: security-basics (at) securityfocus (dot) com [email concealed]
Betreff: Re: Internal Intrusion Detection/Prevention -- High Throughput -- Snort/Cisco/Others?
You know, I keep *hearing* about "full IPv6 support" from security vendors. I would like to see what these pricey vendor solutions do up against a full IPv6 network fuzzer. Once you fragment or add multiple extension headers, I understand they crap themselves.
On 5/30/2012 1:37 PM, Jerry Fraizer wrote:
> TippingPoint is a great solution for IPS/IDS.
>
> IPv6 is fully supported, TippingPoint has a false positive rate lower than any other product in the space, TippingPoint is designed to be placed in-line to actively mitigate threats. TP is super low latency. To top it off the administrative burden is a fraction of other solutions.
>
> Jerry Fraizer, CEH
>
> On May 30, 2012, at 9:54 AM, Henri Salo<henri (at) nerv (dot) fi [email concealed]> wrote:
>
>> On Wed, May 30, 2012 at 09:49:37AM -0400, Jon D wrote:
>>> I'm curious what other people have found to be good fits product
>>> wise for internal IDS.
>>> Say if you want to monitor a handful of high bandwidth servers on
>>> the inside network without spending a fortune.
>>>
>>> I was thinking about using a Cisco IDS, but they're a little pricey
>>> for high bandwidth models.
>>>
>>>
>>> Any thoughts?
>>>
>>>
>>>
>>> Thanks,
>>> Jon
>>
>> Sourcefire. They really are worth of the money.
>>
>> - Henri Salo
>>
>> ---------------------------------------------------------------------
>> --- Securing Apache Web Server with thawte Digital Certificate In
>> this guide we examine the importance of Apache-SSL and who needs an SSL certificate. We look at how SSL works, how it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates.
>>
>> http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be
>> 442f727d1
>> ---------------------------------------------------------------------
>> ---
>>
>
> ----------------------------------------------------------------------
> -- Securing Apache Web Server with thawte Digital Certificate In this
> guide we examine the importance of Apache-SSL and who needs an SSL certificate. We look at how SSL works, how it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates.
>
> http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be4
> 42f727d1
> ----------------------------------------------------------------------
> --
>
------------------------------------------------------------------------
Securing Apache Web Server with thawte Digital Certificate In this guide we examine the importance of Apache-SSL and who needs an SSL certificate. We look at how SSL works, how it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates.
http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442
f727d1
------------------------------------------------------------------------
------------------------------------------------------------------------
Securing Apache Web Server with thawte Digital Certificate
In this guide we examine the importance of Apache-SSL and who needs an SSL certificate. We look at how SSL works, how it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates.
http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442
f727d1
------------------------------------------------------------------------
[ reply ]