intrusion

Barbedwire's 1U DPI 100e is a firewall product that uses a 2GHz Celeron processor and 256MB RAM to provide enough power to run its IDS/IPS services.

The APD 1000 is a 1U, Pentium 4-based server running Linux. As such, the first configuration steps are to connect a keyboard and mouse, and enter a management IP address for its management Fast Ethernet interface. It's quick and easy to do, and then gives access to the ADP 1000's web-based management, the Dashboard.

McAfee's IntruShield 2700 fits into the middle of its range, offering 600Mbps of throughput. It has six Fast Ethernet and two GBIC ports for detection, and three Fast Ethernet ports for responses. You can install it in either tap mode or inline mode, where the box sits between the router and main network. In inline mode, it's recommended that you use the appliance's high-availability mode.

Symantec's NS 7120 uses a similar-looking chassis to its firewall range, complete with the LCD control panel. This means it is the easiest device to initially configure, as you can set an IP address within minutes of turning it on.

This is a 2U chassis designed to block attacks before they cause damage. It sits between the WAN and firewall, rather than inside the firewall as with other products.

The Proventia G400 might look like a standard rack-mount Intel-based server, but it's a lot more than that. The hardware was specifically chosen, drivers written for it and a network agent pre-installed. As a result, it can cope with up to 400Mbps of throughput and monitor up to four network segments using its four copper and four fiber Gigabit Ethernet ports.

NFR's Sentivist IPS uses a combination of hardware sensors, and software for managing. It ships with a Java-based management console, which is good for monitoring and configuring individual sensors.

This is part of SonicWall's security platform appliance range. It's the top-of-the-line model, featuring six Gigabit Ethernet ports and an Intel Xeon processor. Technically, it's not actually an IPS appliance, but more of a firewall with IPS abilities. That said, you can turn the main firewall off and operate it in-line with another firewall.

Sourcefire's Intrusion Sensor 2000 (IS2000) is an Intel-based appliance that runs a hardened version of Linux and the intrusion detection software. It uses two Fast Ethernet interfaces and has a throughput of 100Mbps.

This IPS (the renamed UnityOne-50) is the baby of TippingPoint's range, able to support throughput of up to 50Mbps – but the firm has a full range of products, able to cope with throughput up to five gigabits. The TippingPoint 50 has dual Fast Ethernet ports, so it can work inline with a connection and a dedicated management port.

This might not be the most attractive appliance, with a bright green front, but its flexible architecture is likely to win it support. It is designed to sit internally or between the firewall and router and can support up to 100Mbps of network traffic. It comes with two Fast Ethernet ports and operates in-line with a network connection. There is also a dedicated management port.

XSGuard's C-Series is the easiest product to install. Just plug the internal side of your network into the marked Fast Ethernet port and the external side in the other marked port. Turn the box on and it connects to the XSGuard servers and starts filtering traffic at 100Mbps.

Author Kevin Mitnick & William Simon

Documentation was also available on CD. The steps were laid out and neatly organized. Pictures of an actual installation were included for reference and there were even instructions for rack-mounting the IPS server. The content was easy to understand and did not assume a high level of expertise.

Two quick-reference cards were provided making it easy for operators to bypass all the major settings and quickly configure a running system. For those wishing to read in detail, the complete actual manual has over 300 pages distributed among 14 chapters. Compared to the other IPS products we tested, ISS's documentation appeared to be very thorough and complete.

Technical support was not required and a test call resulted in a satisfactory response.

There were no difficulties with the basic installation of the IPS. However, it did require third-party software and hardware, specifically, a Windows 2000 Server and Microsoft SQL2000. We see no problem with the option of using an external third-party database, but believe that all required software should be supplied.

We reluctantly rank the ISS Proventia at three stars due to its requirement for third-party software and an additional server. The ISS device is not the most expensive product we tested, but its value for money rating is impacted severely by the requirement for third-party software and hardware.