Detection and prevention: 6 intrusion detection systems tested

McAfee Entercept 5.0

The key difference between the McAfee IPS software and the other applications, such as the Computer Associates or Snort products, is that the McAfee software is designed as an individual, distributed host-based system, really a last line of defence. The other two applications, whilst configurable to run as standalone, single-port host-based systems, are really designed to be network-wide monitoring systems.

This last-line host-based defence is a similar concept to the firewall-on-a-card systems the Test Lab reviewed in the June 2003 issue of T&B. These are basically firewall systems integrated onto a PCI card that are designed to replace the network interface card (NIC) in the host PC and provide a last-line firewall defence against intruders intent on targeting that specific machine. Likewise, the McAfee Entercept application is designed to put the IPS agent directly on that specific machine and then report back to a centralised management server.

The more walls or obstacles a security team can place in a potential hacker's path when the network is targeted, the better chance the team has of either rebuffing the attack or of being notified that it is under way. The main point to keep in mind when applying the onion or layered approach to security is to make sure that managing the system does not place too great a burden on the security team's time and resources. [If you're interested in a further discussion of the layered approach to security, there will be an article in next month's issue of T&B -- Ed.]

Installation, configuration, and administration of the Entercept 5.0 package was simple. The initial installation gives the operator the option to install the management server, a console, or an agent. We installed all three on the one machine, although an administrator could obviously choose to run a centralised management server with SQL Server as the database, a separate admin console, and several agents deployed on the hosts to be protected.

The installation routine gives the user the option to install Microsoft SQL Server Desktop Engine (MSDE) or to connect to a full SQL Server installation. The installer also installed Crystal Reports 9.

This product is an excellent last line of defence, or even a front-line defence if there are specific machines on the network that require IDS/IPS monitoring. This is particularly applicable in very open networks with undefined boundaries or perimeters, where the security team must treat every node on the network as potentially hostile. Don't forget that the amount of data logged by IDS/IPS systems can be overwhelming; if the security team is not large enough to monitor all network activity, or the security budget simply does not stretch to monitoring the whole network, at least the most important hosts can be covered.

Product: McAfee Entercept 5.0
Price: Management server AU$8920, Windows Server agent AU$1730, desktop agent AU$37
Vendor: McAfee
Phone: 1800 644 646
Web: www.mcafee.com.au

Interoperability: Supports Microsoft Windows only.
Futureproofing: Very impressive centrally managed, host-based software system with distributed agents.
ROI: A relatively inexpensive solution, particularly when deployed across a range of servers.
Service: ½ (Warranty and service renewable annually with service contract.)
Rating: ½
