Countersnipe APD 1000
June 30, 2005
Strengths: Quick to configure; Dashboard management handles groups of sensors.
Weaknesses: Simplistic reporting tools; sparse documentation.
Verdict: Quick and simple interface, but the sparse documentation means it is better suited to networks where you have highly trained security experts.
The APD 1000 is a 1U, Pentium 4-based server running Linux. As such, the first configuration steps are to connect a keyboard and mouse, and enter a management IP address for its management Fast Ethernet interface. It's quick and easy to do, and then gives access to the APD 1000's web-based management console, the Dashboard.
Its well laid-out interface is a pleasure to use, and all the major settings are easy to find. From here, you can configure its dual Fast Ethernet interfaces (it can cope with 100Mbps of traffic) either to work in inline mode, with traffic passing through the box, or to take feeds from a hardware tap, with each interface connected to a different network segment.
In inline mode, there's a choice of IDS, IPS or open modes. Open mode, in which the sensor does not act on traffic, is useful while the APD 1000 is in its learning mode; once learning is complete, it looks for network anomalies so that you can respond to zero-day attacks for which no signature yet exists.
The Dashboard can be used to configure multiple sensors; it supports grouping, so that you can set the same configuration on multiple sensors all at once.
You can also create multiple users, so that you can delegate management and, for example, have one administrator who is just in charge of reports.
Configuring group policies is extremely easy. Attack signatures are split into well-defined groups, so it's just a matter of picking how you want to respond to each type of attack: block, alert, ignore, and so on. However, there are no dedicated Ethernet ports for sending TCP resets. The system also has a default policy, so you can either override it for each group of sensors or leave the defaults in place. The detection engine uses Snort, so you can easily write your own rules or, for new threats, use those written by other Snort users.
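To show what "block, alert, ignore" means once it reaches a Snort rule set, and how the IDS, IPS and open modes change the outcome for the same packet, here is an added example in Python. It is not Countersnipe's or Snort's code: it parses a small, hypothetical subset of Snort 2 rule syntax (action, protocol, addresses, ports, and the msg/content/sid options), runs constructed packets through it, and applies Dashboard-style per-signature overrides. The rules, sids and packets are all made up for illustration.

```python
import re
from dataclasses import dataclass
from typing import Optional

# Constructed sample rules in Snort 2 syntax. They cover only the subset this toy
# engine understands and are hypothetical signatures, not rules shipped with the appliance.
SAMPLE_RULES = r'''
# hypothetical web probe: alert only
alert tcp any any -> any 80 (msg:"Hypothetical web probe"; content:"/cgi-bin/probe"; sid:1000001;)
# hypothetical SSH banner scanner: block when inline in IPS mode
drop tcp any any -> any 22 (msg:"Hypothetical SSH scanner banner"; content:"SSH-1.99-scanner"; sid:1000002;)
# trusted internal scanner: never alert on it
pass tcp 10.0.0.5 any -> any 80 (msg:"Trusted scanner"; sid:1000003;)
'''

RULE_RE = re.compile(
    r'^(?P<action>alert|drop|pass)\s+(?P<proto>\w+)\s+(?P<src>\S+)\s+(?P<sport>\S+)'
    r'\s*->\s*(?P<dst>\S+)\s+(?P<dport>\S+)\s*\((?P<opts>.*)\)\s*$')


@dataclass
class Rule:
    action: str
    proto: str
    src: str
    sport: str
    dst: str
    dport: str
    msg: str
    content: Optional[bytes]
    sid: int


def parse_rules(text):
    """Parse the rule subset above into Rule objects; anything else is rejected loudly."""
    rules = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith('#'):
            continue
        m = RULE_RE.match(line)
        if not m:
            raise ValueError(f"unparseable rule: {line}")
        opts = {}
        for opt in m['opts'].split(';'):
            opt = opt.strip()
            if opt:
                key, _, val = opt.partition(':')
                opts[key.strip()] = val.strip().strip('"')
        rules.append(Rule(m['action'], m['proto'], m['src'], m['sport'], m['dst'], m['dport'],
                          opts.get('msg', ''),
                          opts['content'].encode() if 'content' in opts else None,
                          int(opts['sid'])))
    return rules


def _field_matches(pattern, value):
    return pattern == 'any' or pattern == str(value)


def rule_matches(rule, pkt):
    """Header fields must match (or be 'any'); content, if present, must appear in the payload."""
    return (rule.proto == pkt['proto']
            and _field_matches(rule.src, pkt['src']) and _field_matches(rule.sport, pkt['sport'])
            and _field_matches(rule.dst, pkt['dst']) and _field_matches(rule.dport, pkt['dport'])
            and (rule.content is None or rule.content in pkt['payload']))


# Dashboard-style policy overrides: the review says each signature group can be set to
# block, alert or ignore. Here the override is keyed by sid rather than by group for brevity.
OVERRIDE_TO_ACTION = {'block': 'drop', 'alert': 'alert', 'ignore': 'pass'}


def evaluate(rules, pkt, mode, overrides=None):
    """Run one packet through the rule set and return (verdict, matched_sids).

    mode: 'ids'  - detect only, never blocks (drop rules merely alert)
          'ips'  - inline, drop rules block the packet
          'open' - learning mode, everything forwarded and nothing alerted
    verdict is one of 'forward', 'alert' (forwarded, but alerted on) or 'drop'.
    Snort's default evaluation order is honoured: pass beats drop, which beats alert.
    """
    if mode == 'open':
        return 'forward', []
    overrides = overrides or {}
    hits = {'pass': [], 'drop': [], 'alert': []}
    for rule in rules:
        if rule_matches(rule, pkt):
            action = OVERRIDE_TO_ACTION.get(overrides.get(rule.sid), rule.action)
            hits[action].append(rule.sid)
    if hits['pass']:
        return 'forward', hits['pass']
    if hits['drop']:
        return ('drop' if mode == 'ips' else 'alert'), hits['drop']
    if hits['alert']:
        return 'alert', hits['alert']
    return 'forward', []


def sample_packets():
    """Constructed packets (no capture file): dicts standing in for decoded TCP segments."""
    return {
        'probe': dict(proto='tcp', src='192.0.2.7', sport=40001, dst='10.0.0.20', dport=80,
                      payload=b'GET /cgi-bin/probe HTTP/1.0\r\n\r\n'),
        'ssh_scan': dict(proto='tcp', src='192.0.2.7', sport=40002, dst='10.0.0.21', dport=22,
                         payload=b'SSH-1.99-scanner\r\n'),
        'trusted': dict(proto='tcp', src='10.0.0.5', sport=40003, dst='10.0.0.20', dport=80,
                        payload=b'GET /cgi-bin/probe HTTP/1.0\r\n\r\n'),
        'benign': dict(proto='tcp', src='192.0.2.8', sport=40004, dst='10.0.0.20', dport=80,
                       payload=b'GET /index.html HTTP/1.0\r\n\r\n'),
    }


if __name__ == '__main__':
    rules = parse_rules(SAMPLE_RULES)
    for name, pkt in sample_packets().items():
        for mode in ('ids', 'ips', 'open'):
            print(f"{name:9} {mode:4} -> {evaluate(rules, pkt, mode)}")
    # Dashboard override: downgrade the SSH block to alert-only, escalate the web probe to block
    print(evaluate(rules, sample_packets()['probe'], 'ips', {1000001: 'block', 1000002: 'alert'}))
```

The point to take from the run is that the same rule set gives three different answers for the SSH scanner packet depending on the sensor mode, and that a "pass" rule (or an "ignore" override) silences a matching alert rule entirely, so a trusted-scanner exception should be scoped as tightly as the source address allows.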
Reports are generated through the same console. There is a large selection available, sorted by a variety of different fields, although they fall short of the standards set by dedicated reporting packages.
The APD 1000 is a very simple product to use and one of the easiest to get running. However, it comes with sparse documentation and doesn't have the same depth and range of features as other products in this test, although its lower price makes it quite a bargain if you have well-trained administrators.