iTnews

Review: TippingPoint 200E

By Peter Stephenson, CeRNS, on May 1, 2006 12:00AM

Since 200E is what we call a learning device, it requires a little time on the network to begin protecting assets.

The concept of a learning device is open to interpretation, however. With this product, there are two considerations. First, the device, as with most IPSs, must discover the network. It does this on an ongoing basis, assuring that it knows about all devices on the enterprise.

Additionally, we found that, during our initial vulnerability scan, the product could be seen transferring attacks to its blacklist. At that point, the NetClarity attacker reported that the target, presumably protected by the IPS, was visible and was vulnerable. Subsequent scans were ineffective and the target became invisible to the NetClarity device.

Additionally, when we then attacked with Core Impact, we were able to crash the target service on our victim machine, but were not able to penetrate.

Although the 200E performed very well under most of our tests, this penetration attack (a Microsoft RPC buffer overflow) partially succeeded. All information screens auto-refresh every 30 seconds, so the most current information is always easy to see and find on the intuitive web interface.

This product sits at the front end of the network transparently and monitors all incoming and outgoing traffic for any malicious content.

This is an IPS with very simple configuration. You just plug it in and go. After the simple quickstart is completed, the 200E begins gathering network traffic and information and setting its own policies accordingly. Its policies are reasonably self-maintaining and the 200E requires little administration time.

The TippingPoint appliance comes with only a simple, one-sheet quickstart guide that describes just the initial turning on, and simple initial configuration of, the appliance. Additional documentation is on the supplied CD, and we found it adequate, if not extensive.

Support for the product is available, but you have to look for it on the website. Instead of being in a more intuitive “support” section, it is hidden under the company information as part of the “contact” screen.

However, there is the Threat Management Center that provides, among other things, real-time attack filter updates, an extremely valuable service.

This device is very reasonably priced for a full-service solution to protect most sizes of network from intrusion or malware.

For: Very self-contained and automated with little need for full-on management.
Against: Protection failed under some fragmented RPC attacks against a Microsoft operating system.
Verdict: Full-service solution with effective blacklist blocking.
