The Sourcefire box does all the things an IPS should do. It fits comfortably in the category of an average IPS, although it must be remembered that the Sourcefire 3D Suite includes a ton of IDS, scanning, and vulnerability management capability which falls outside the context of this review. As an IPS, the box has no standout features, and nothing specifically separates it from other IPSs.
With the management interface geared around the suite as a whole, narrowing down IPS functionality was difficult. There is no defined procedure for setting policies or determining what types of policies are needed.
The configuration of the box itself involves a long navigation through a complicated web interface, and setting different policies and generating the reports we needed was time-consuming and became more difficult the further we progressed.
The box defended against normal scans and attacks, but we were able to compromise the sensor by launching a denial-of-service attack and bypassing the IPS. With the sensor disabled, the computers on our target network became susceptible to attack by our testing tools. The console could flag up a dead sensor, but that of course will not protect the systems that are under attack.
The appliance comes with a CD that contains documentation and restore information. There are two manuals: an installation guide and an administrator manual. But the documentation is very long, more than 900 pages, and is geared to operating the suite as a whole. If the manual is needed to answer specific configuration issues or questions, the search for information can be very time-consuming.
There is a lot of support offered from Sourcefire, including full telephone technical support as well as online help files and email support, as part of an online support site.
The product comprises three appliances: the IS 1000, the RNA and the Defense Center. It is fairly pricey for its abilities but does require reasonably intensive deployment and management. But you would not buy it for the IPS – this is just one component of the whole suite, which is a much more attractive proposition.