NETWORK WORLD NEWSLETTER: NEAL WEINBERG
on PRODUCT REVIEWS
10/16/01 - Today's focus: Intrusion detection systems


Dear Wincenty Kaminski,

In this issue:

* Enterasys' IDS Dragon offers best performance for network-
based intrusion detection
* Links related to Network World product reviews
* Featured reader resource
_____________________________________________________________
Today's focus: Intrusion detection systems


By Neal Weinberg

Intrusion detection systems are key components of any security
system. So the Reviewmeister decided to check out network-based
IDS products from Cisco, Computer Associates, Enterasys
Networks, Intrusion.com and Internet Security Systems (ISS).

The intrusion detection system (IDS) products from Cisco,
Enterasys and Intrusion.com are appliances, while CA and ISS
offer software-based systems.

We conducted several tests to measure performance. First, we
measured how well the product could detect a random sample of
commonly recognized intrusion attacks, such as ping floods,
Jolt2 attacks, SYN floods, finger bombs and others. These were
tested initially under no background traffic load. To achieve a
passing score, the IDS had to correctly identify the attack
within five minutes of the attack's launch. We tallied whether
the intrusion was recorded, whether it was correctly identified
and the approximate time it took to recognize the attack.
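
The scoring rule described above, sketched as an added example (not
code from Network World or any vendor). The launch and alert records
are constructed, and matching an alert to an attack by exact name is an
assumption; real IDS signature names need a mapping table.

```python
from datetime import datetime, timedelta

WINDOW = timedelta(minutes=5)  # pass criterion stated in the review

# Constructed sample: (attack name, launch time) from the test rig's log
LAUNCHES = [
    ("ping flood", "10:00:00"),
    ("SYN flood", "10:10:00"),
    ("Jolt2", "10:20:00"),
    ("finger bomb", "10:30:00"),
]
# Constructed sample: (alert time, name reported by the IDS)
ALERTS = [
    ("10:00:12", "ping flood"),
    ("10:12:30", "port scan"),  # recorded in time, but misidentified
    ("10:26:40", "Jolt2"),      # right name, but after the window closed
]

def _t(s):
    return datetime.strptime(s, "%H:%M:%S")

def score(launches, alerts, window=WINDOW):
    """Per attack: alert recorded in window, correctly named, seconds to detect."""
    results = []
    for name, launched in launches:
        start = _t(launched)
        # Assumption: an alert belongs to an attack if it falls in its window.
        in_window = sorted((_t(ts), label) for ts, label in alerts
                           if start <= _t(ts) <= start + window)
        correct = [ts for ts, label in in_window if label.lower() == name.lower()]
        results.append({
            "attack": name,
            "recorded": bool(in_window),
            "identified": bool(correct),
            "seconds": (correct[0] - start).total_seconds() if correct else None,
        })
    return results

def summary(results):
    """Return (attacks passed, attacks launched)."""
    return sum(r["identified"] for r in results), len(results)

if __name__ == "__main__":
    for row in score(LAUNCHES, ALERTS):
        print(row)
    print("passed %d of %d" % summary(score(LAUNCHES, ALERTS)))
```

Keeping "recorded" separate from "identified" distinguishes a sensor
that saw nothing from one that alerted under the wrong signature.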

Next, we ran stress tests to see how the products would work as
background traffic load increased from 40M to 60M bit/sec, then
up to 90M bit/sec. A third test determined whether the products
could detect attacks specifically designed to avoid traditional
IDS systems.

Enterasys' IDS Dragon took the gold in performance. In addition
to its excellent showing in the first two tests, Dragon also
beat the competition by detecting attacks that are specifically
designed to avoid traditional IDS systems. IDS Dragon also
performed with near bulletproof reliability, demonstrating
minimal performance degradation under traffic load and solid
system stability during all of the tests.

The IDS Dragon missed only three out of 27 random attacks and
detected 24 out of the resulting 24 attacks sent to it under
the 40M and 60M bit/sec traffic load. With the 90M bit/sec
traffic, IDS Dragon correctly detected 21 out of 24 attacks.

No other product performed as well with the basic intrusion-
detection and stress tests, although Cisco Secure IDS performed
well under load. The ISS RealSecure performed well under 40M
and 60M bit/sec loads, detecting 22 out of 24 attacks, but fell
down to 17 attacks out of 24 when the traffic load went to 90M
bit/sec.

Intrusion.com's SecureNet Pro had the hardest time under heavy
background traffic loads. After a strong start - detecting 24
out of 27 attacks with no load - performance steadily declined
as load increased. It detected only four out of 27 attacks
under the 90M bit/sec load. Curiously, SecureNet detected the
highest number of attacks (25) under no load, but supported the
smallest database of known attack signatures of the products
tested.

All the products tested did well in detecting certain attacks,
including Whisker (various types), Targa3 and Bind, which are
specifically designed to evade network-based IDS products.
Cisco, CA, Enterasys and Intrusion.com detected 16 out of 17
attacks, and ISS got them all.

While CA's eTrust IDS performed adequately in our stress tests,
it did not perform consistently under high (90M bit/sec) loads.
It appeared that the longer we let the background traffic
stream run (up to 10 minutes or more), the less consistently
eTrust detected the attacks.

For the full report, go to
http://www.nwfusion.com/reviews/2001/1008rev.html

_______________________________________________________________
To contact Neal Weinberg:

Neal Weinberg is features editor at Network World, in charge
of product reviews, Buyer's Guides, technology primers,
how-tos, issue-oriented feature stories and the Technology
Insider series. You can reach him at mailto:nweinber@nww.com.
______________________________________________________________
RELATED LINKS

Intrusion-detection firms push for unified management
Network World, 05/21/01
http://www.nwfusion.com/news/2001/0521iss.html

Users warming to outsourced intrusion detection
Network World, 02/12/01
http://www.nwfusion.com/news/2001/0212specialfocus.html

The archive for Reviews is:
http://www.nwfusion.com/reviews/index.html
______________________________________________________________
FEATURED READER RESOURCE

Audio Primers

Are you behind on the basics of technologies such as ATM, IP
Multicast and VPNs? Check out our library of audio primers -
quick explanations of networking topics and technologies,
including IPv6, SANs and DSL vs. cable. These less-than-10-
minute primers will not only explain how these technologies
work, but they'll also show you through slides and diagrams.
http://www.nwfusion.com/primers/index.html

Copyright Network World, Inc., 2001
