Security UPDATE--New Reports on UTM and IPS Solutions--November 9, 2005

Two new reports from The NSS Group examine Unified Threat Management products and Intrusion Prevention Systems. Plus, get links to other security news, resources, and product information.

ITPro Today

November 8, 2005

12 Min Read
ITPro Today logo in a gray background | ITPro Today

This email newsletter comes to you free and is supported by the following advertisers, which offer products and services in which you might be interested. Please take a moment to visit these advertisers' Web sites and show your support for Security UPDATE.

Free Security Compliance Reality Check

http://www.bindview.com/bvCat/index.cfm?AD=NS-WINITProBVCatDLU-Q305

Implement Least Privilege with DesktopStandard PolicyMaker!

http://www.desktopstandard.com/base/itpronl110905.aspx

===============

==========

==== Sponsor: BindView ==== Free Security Compliance Reality Check Get a quick reality check of your IT security compliance for specific regulations by running this FREE Compliance Assessment Tool. You'll get an overall "compliance score" as an example of how BindView solutions can help you monitor and report on compliance--all through a single compliance architecture for managing multiple regulations. Download your free Compliance Assessment Tool for each of these regulations: Sarbanes-Oxley FISMA HIPAA GLBA Basel II Payment Card Industry–-Data Security Standard http://www.bindview.com/bvCat/index.cfm?AD=NS-WINITProBVCatDLU-Q305

==========

==== 1. In Focus: New Reports on UTM and IPS Solutions by Mark Joseph Edwards, News Editor, mark at ntsecurity / net The NSS Group, which I've written about before, analyzes hardware-based security solutions and produces in-depth reports that cover the products' performance and capabilities. The group uses specialized equipment in a controlled environment for its analysis and has reviewed high-performance Intrusion Prevention Systems (IPSs), Intrusion Detection Systems (IDSs), and application firewalls. You can find previous articles about the group's reports at our Web site. http://www.windowsitpro.com/search/index.cfm?action=search&qs=%22NSS+Group%22 Recently, The NSS Group released two new reports: Unified Threat Management (UTM) and IPS Group Test (Edition 3). The UTM report is the group's first report on products in this category. It looks at unified security solutions that include firewall, VPN, IDS/IPS, antivirus, antispam, URL filtering, and content filtering components. Of the six vendors that agreed to take part in the tests, two had products that weren't ready in time and two others had products that failed the group's stringent testing. The end result was that only two products passed the overall UTM tests: Fortinet FortiGate-3600 and Internet Security Systems (ISS) Proventia M50. IPS Group Test (Edition 3) is The NSS Group's third report on IPSs. The group reported that products in this classification have improved since last year in terms of performance, stating that "whereas last year we were seeing top speeds of 1-2Gbps, this year we are starting to see devices that can go well beyond that limit and which are looking over-engineered for Gigabit environments." Even so, four of the twelve products submitted by vendors for testing failed the overall tests, leaving eight products to receive an NSS Approved rating. Those products are Cisco IPS-4255 5.0(3), Cisco IPS-4240 5.0(3), Intoto IntruPro 3.0, Juniper Networks IDP 600F 3.1, NFR Sentivist Smart Sensor 100C, Radware DefensePro-3000 2.43, Symantec SNS 7160 4.0.0.9, and Westline Athena Aegis IPS 510L 2.1. The NSS Group also said that because product performance has improved significantly, the group will begin testing multigigabit Ethernet IPSs. Ten companies are signed up for the tests, which begin this month. That report should be interesting to those of you who must deal with super-high-speed networks. The NSS Group's reports reveal a lot about the performance characteristics of particular products (which of course is a huge aid in buying decisions) and about how to test such products. For example, the group uses specialized hardware and software from Spirent Communications to generate and measure high volumes of network traffic. The group also uses tools that might be common in your own environments, such as Cisco Systems Catalyst switches. And you might be interested to know that the group uses Tcpreplay (at the first URL below) and Tomahawk (at the second URL below), both of which are open-source tools that you can easily obtain. http://tcpreplay.sourceforge.net http://tomahawk.sourceforge.net Tcpreplay lets you replay previously captured traffic and modify packets. Tomahawk also lets you replay network traffic and generates large volumes of traffic for stress testing. You could use both tools to test the effectiveness of your particular IPS or IDS. Overall, I think you'll find the new reports very interesting and valuable, particularly if you're evaluating new high-end security solutions. You can read the full reports online (at the URL below) and purchase copies in PDF format or as printed and bound reports. http://www.nss.co.uk

==========

==== Sponsor: DesktopStandard ==== Implement Least Privilege with DesktopStandard PolicyMaker! The award-winning PolicyMaker suite now includes a Group Policy Extension for implementing the security best practice of Least Privilege. For the first time you can manage the permissions of applications and tasks and keep your users restricted! The PolicyMaker suite includes 24 extensions to Microsoft's Group Policy and integrates with native tools including the Group Policy Management Console (GPMC). If you use Group Policy there's little to learn. Download a free evaluation copy and learn why PolicyMaker was voted the Most Innovative Product of 2005 by Windows IT Pro readers! http://www.desktopstandard.com/base/itpronl110905.aspx

==========

==========

==========

==========

==== Hot Release ==== Meeting Enterprise Management Needs: The Integration of Microsoft SMS 2003 and Afaria Learn about the capabilities offered by the integration of Microsoft SMS 2003 and Afaria. In this free white paper you'll learn about new functionality and benefits of Microsoft SMS specifically targeted to improving management of remote and mobile devices, challenges of managing frontline systems, how the combined solution creates value around the successful use of technology at the front lines of business and more. http://www.windowsitpro.com/go/whitepapers/ianywhere/enterprisemgmt?code=sechot1109

==========

==== 3. Security Toolkit ==== Security Matters Blog: A Clear Case of Sony Taking DRM Too Far by Mark Joseph Edwards, http://www.windowsitpro.com/securitymatters You bought the new Sony BMG music CD-ROM and now you own it--sort of. If you want to play it on your computer, you must use Sony's audio player, which attempts to enforce Digital Rights Management (DRM), so you install the audio player. Little do you know that you just installed what amounts to a type of rootkit. Only this rootkit isn't designed to give others full access to your system--it's designed to prevent you from having full access to your system. Read more about it in this blog entry on our Web site. http://www.windowsitpro.com/Article/ArticleID/48318 FAQ by John Savill, http://www.windowsitpro.com/windowsnt20002003faq Q: How can I check whether a user account has certain user properties flags set? Find the answer at http://www.windowsitpro.com/Article/ArticleID/48310 Security Forum Featured Thread: Blocking IM A forum participant is looking for the IP addresses for the popular IM services (AOL Instant Messenger--AIM, ICQ, Yahoo! Messenger, MSN Messenger) so that he can create blocking rules for these addresses in his firewall. Join the discussion at: http://forums.windowsitpro.com/web/forum/messageview.aspx?catid=42&threadid=44315&enterthread=y

==========

==========

==========

==== Contact Us ==== About the newsletter -- [email protected] About technical questions -- http://www.windowsitpro.com/forums About product news -- [email protected] About your subscription -- [email protected] About sponsoring Security UPDATE -- [email protected]

===============

This email newsletter is brought to you by Windows IT Security, the leading publication for IT professionals securing the Windows enterprise from external intruders and controlling access for internal users. Subscribe today.

https://store.pentontech.com/index.cfm?s=1&promocode=eu255xsb

View the Windows IT Pro privacy policy at

http://www.windowsitpro.com/AboutUs/Index.cfm?action=privacy

Windows IT Pro, a division of Penton Media, Inc.

221 East 29th Street, Loveland, CO 80538

Attention: Customer Service Department

Copyright 2005, Penton Media, Inc. All rights reserved.

Sign up for the ITPro Today newsletter
Stay on top of the IT universe with commentary, news analysis, how-to's, and tips delivered to your inbox daily.

You May Also Like