We used a powerful yet simple tool, IDS Informer from Blade Software, to see how these devices performed in the detection stakes. Although it is designed to test traditional inline or passive IDS/IDP sensors, we found that by tweaking both the integrated security service appliances and the IDS Informer configuration we could run the attacks successfully through the devices under test.
Another great feature is the amount of control the application gives the test engineer over both the source and destination machines' IP addresses. Even in a disparate network environment, gateways can be set down to the MAC address level to enable some form of routing. One can even use wildcards in the IP settings to simulate attacks coming from many external sources or against several internal targets, with the traffic for each collected and responded to on the secondary NIC.
We ran IDS Informer on an Intel P4 2.8GHz machine with 1GB of RAM and two 1GB NICs. Wherever possible we ran all the attacks through the devices on test just to see whether any strange behaviour occurred, then we ran a selection of common attacks to have a look at each vendor's logging and reporting systems.
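The evaluation workflow described above amounts to two steps: expanding the wildcard address settings into the set of simulated sources and targets, and then checking the device's alert log to see which of those simulated attacks were actually reported. The script below is an added example of that bookkeeping, written for this page; it is not part of the original review and not code from Blade Software or IDS Informer. The log line format, the signature names (SIG-CONSTRUCTED-*), the addresses and the gaps in detection are all constructed for the demonstration.

```python
"""Detection-coverage check for an IDS/IDP evaluation run (constructed example).

Models the test plan as (source, destination, test-case) triples built from
wildcard address patterns, parses the appliance's alert log, and reports which
planned test cases were detected, which were missed, and which alerts the plan
never asked for. Everything here (log format, signature names, addresses) is a
constructed assumption, not a real vendor format.
"""
import re
from itertools import product

# Constructed alert format: ... ALERT sig="<id>" src=<ip> dst=<ip> action=<x>
ALERT_RE = re.compile(
    r'sig="(?P<sig>[^"]+)"\s+src=(?P<src>\d+\.\d+\.\d+\.\d+)\s+dst=(?P<dst>\d+\.\d+\.\d+\.\d+)'
)


def expand_wildcard(pattern):
    """Expand a dotted-quad pattern with '*' octets into concrete addresses.

    '10.1.1.*' -> 10.1.1.1 .. 10.1.1.254 (the .0 and .255 hosts are skipped,
    a choice made for this example so simulated sources look like real hosts).
    A pattern with no wildcard expands to itself.
    """
    octets = pattern.split(".")
    if len(octets) != 4:
        raise ValueError(f"not a dotted quad: {pattern!r}")
    choices = []
    for octet in octets:
        if octet == "*":
            choices.append([str(n) for n in range(1, 255)])
        elif octet.isdigit() and 0 <= int(octet) <= 255:
            choices.append([octet])
        else:
            raise ValueError(f"bad octet {octet!r} in {pattern!r}")
    return [".".join(parts) for parts in product(*choices)]


def plan_cases(source_pattern, target_pattern, signatures):
    """Every (src, dst, signature) triple the harness is expected to send."""
    sources = expand_wildcard(source_pattern)
    targets = expand_wildcard(target_pattern)
    return {(s, d, sig) for s in sources for d in targets for sig in signatures}


def parse_alert(line):
    """Return (src, dst, sig) for an alert line, or None for non-alert lines."""
    match = ALERT_RE.search(line)
    if match is None:
        return None
    return (match["src"], match["dst"], match["sig"])


def coverage(planned, log_lines):
    """Compare the planned test cases against what the device actually logged."""
    seen = {a for a in map(parse_alert, log_lines) if a is not None}
    detected = planned & seen          # sent and reported
    missed = planned - seen            # sent but never reported: the finding that matters
    unexpected = seen - planned        # reported but never sent: noise or mis-attribution
    rate = len(detected) / len(planned) if planned else 0.0
    return {"detected": detected, "missed": missed, "unexpected": unexpected, "rate": rate}


def build_constructed_log(planned, drop):
    """Constructed sample log: one alert per planned case except those in `drop`,
    plus one alert the plan never included and one non-alert housekeeping line."""
    lines = []
    for i, (src, dst, sig) in enumerate(sorted(planned)):
        if (src, dst, sig) in drop:
            continue  # simulate the device silently missing this case
        lines.append(
            f'2004-05-12T10:{(i // 60) % 60:02d}:{i % 60:02d} appliance ids: '
            f'ALERT sig="{sig}" src={src} dst={dst} action=drop'
        )
    lines.append('2004-05-12T10:59:59 appliance ids: ALERT sig="SIG-CONSTRUCTED-999" '
                 'src=10.1.1.77 dst=192.168.0.20 action=alert')
    lines.append('2004-05-12T10:59:59 appliance ids: heartbeat ok')
    return lines


def run_demo():
    """Plan a wildcard run, feed a constructed log, and return the coverage report."""
    planned = plan_cases("10.1.1.*", "192.168.0.20",
                         ["SIG-CONSTRUCTED-001", "SIG-CONSTRUCTED-002"])
    drop = {("10.1.1.13", "192.168.0.20", "SIG-CONSTRUCTED-001"),
            ("10.1.1.200", "192.168.0.20", "SIG-CONSTRUCTED-002")}
    report = coverage(planned, build_constructed_log(planned, drop))
    for case in sorted(report["missed"]):
        print("MISSED  ", case)
    for case in sorted(report["unexpected"]):
        print("UNPLANNED", case)
    print(f"detection rate: {report['rate']:.3%}")
    return report


if __name__ == "__main__":
    run_demo()
```

The set difference `planned - seen` is the part worth keeping from a real run: a device that logs nothing for a case it should have blocked is exactly the "strange behaviour" a reviewer wants surfaced, and comparing against the plan rather than eyeballing the log is what makes a 254-source wildcard run auditable.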
Three must-read resources for routine testing and evaluation of IDS/IDP solutions can be found at the following locations.