Features

Author Peter Warren and Michael Streeter

Author Roberta Bragg

Barbedwire's 1U DPI 100e is a firewall product that uses a 2GHz Celeron processor and 256MB RAM to provide enough power to run its IDS/IPS services.

The APD 1000 is a 1U, Pentium 4-based server running Linux. As such, the first configuration steps are to connect a keyboard and mouse, and enter a management IP address for its management Fast Ethernet interface. It's quick and easy to do, and then gives access to the ADP 1000's web-based management, the Dashboard.

McAfee's IntruShield 2700 fits into the middle of its range, offering 600Mbps of throughput. It has six Fast Ethernet and two GBIC ports for detection, and three Fast Ethernet ports for responses. You can install it in either tap mode or inline mode, where the box sits between the router and main network. In inline mode, it's recommended that you use the appliance's high-availability mode.

Symantec's NS 7120 uses a similar-looking chassis to its firewall range, complete with the LCD control panel. This means it is the easiest device to initially configure, as you can set an IP address within minutes of turning it on.

This is a 2U chassis designed to block attacks before they cause damage. It sits between the WAN and firewall, rather than inside the firewall as with other products.

The Proventia G400 might look like a standard rack-mount Intel-based server, but it's a lot more than that. The hardware was specifically chosen, drivers written for it and a network agent pre-installed. As a result, it can cope with up to 400Mbps of throughput and monitor up to four network segments using its four copper and four fiber Gigabit Ethernet ports.

NFR's Sentivist IPS uses a combination of hardware sensors, and software for managing. It ships with a Java-based management console, which is good for monitoring and configuring individual sensors.

This is part of SonicWall's security platform appliance range. It's the top-of-the-line model, featuring six Gigabit Ethernet ports and an Intel Xeon processor. Technically, it's not actually an IPS appliance, but more of a firewall with IPS abilities. That said, you can turn the main firewall off and operate it in-line with another firewall.

Sourcefire's Intrusion Sensor 2000 (IS2000) is an Intel-based appliance that runs a hardened version of Linux and the intrusion detection software. It uses two Fast Ethernet interfaces and has a throughput of 100Mbps.

This IPS (the renamed UnityOne-50) is the baby of TippingPoint's range, able to support throughput of up to 50Mbps – but the firm has a full range of products, able to cope with throughput up to five gigabits. The TippingPoint 50 has dual Fast Ethernet ports, so it can work inline with a connection and a dedicated management port.

This might not be the most attractive appliance, with a bright green front, but its flexible architecture is likely to win it support. It is designed to sit internally or between the firewall and router and can support up to 100Mbps of network traffic. It comes with two Fast Ethernet ports and operates in-line with a network connection. There is also a dedicated management port.

XSGuard's C-Series is the easiest product to install. Just plug the internal side of your network into the marked Fast Ethernet port and the external side in the other marked port. Turn the box on and it connects to the XSGuard servers and starts filtering traffic at 100Mbps.

AuthorB. Winkel, C. Deavours, D. Kahn, D. Kruh

Author Kevin Mitnick & William Simon

Publisher Larstan