The intruder at the gate



Juniper IDP 200
The only standalone IDP sensor in this review was the Juniper IDP 200 device. It comes from a family of sensors, which enables an enterprise to tailor its IDP solution to fit exactly.

The IDP 200 sensor is clothed in the traditional Juniper blue livery. It is a 2RU device. The front has 10 RJ45 ports (two are for management and high availability), one DB9M serial console port, and status LEDs for power, hard disk drive, temperature and power supply failure, as well as the usual Link and TX/RX LEDs for the network interfaces.

The rear of the unit has an optical drive unit. The machine we were shipped had a single power supply blade, but there was room for another to provide redundancy.

There are a couple of other components to a Juniper IDP solution besides the sensor itself. The logging server is hosted on a separate server running either Red Hat Linux or Sun Solaris. We opted for Red Hat. There is also a management console which runs on Windows.

The initial setup of the sensor is routine and straightforward, enabling the administrator to select from a range of options and even a setup wizard via an HTTPS browser interface. And for the traditional administrators there is the standard GUI interface. Like most Juniper devices, there is an option for high-availability failover. We configured the device in bridged mode, which basically interrogates all traffic between two of the device's ports.

Next we moved on to the centralised management and logging server where we found the setup could not have been easier -- a simple shell script is supplied and once run, the processes are started. The remote IDP Manager console is excellent, especially considering the flexibility and number of options for the operator, let alone the logs and reports to be parsed and generated. Juniper has certainly done its homework. Once installed and with sensors added, the administrator can create security policies, either from the "cookie cutter" policies provided, or totally customised for their environment.

The updated IDP signature file can be downloaded and pushed out to update the devices. The granularity in control over both the administration and reporting side of the systems is phenomenal. Sitting at the top of the tree is the dashboard viewer which allows the operator to monitor their own defined hosts and sources as well as attack summaries and the device status etc. At any time they can drill further down into each frame to get detailed information.

For the medium-to-large enterprise with a layered (multi-segmented) network or a network that is geographically diverse, one IDS/IDP device/sensor sitting on or just behind the firewall really is not going to help too much. A far better solution would be to sit sensors at each network interconnection (trusted or untrusted) and have a central repository for all the data. Juniper can provide that solution.

Product: IDP 200
RRP: AU$25,000
Price range: Approximately AU$25,000
Vendor: Juniper Networks
Phone: 02 8913 9800
Web: www.juniper.net
 
Interoperability
Excellent levels of logging and reporting, excellent user interface.
Futureproofing ½
Excellent options available from IDP family, central management and great logging and reporting.
ROI
Good price for the features.
Service
Good price for the features.
Rating ½