June 30, 2005
Comprehensive suite of tools; scans SSL traffic; integrates with Entercept.
Only one power supply; management requires dedicated server.
Solid range of protection and SSL traffic decoding makes it ideal for web server protection. However, it's fairly complex to set up and configure.
McAfee's IntruShield 2700 fits into the middle of its range, offering 600Mbps of throughput. It has six Fast Ethernet and two GBIC ports for detection, and three Fast Ethernet ports for responses. You can install it in either tap mode or inline mode, where the box sits between the router and main network. In inline mode, it's recommended that you use the appliance's high-availability mode.
It also has a dedicated management port for connecting to a separate management network, and supports optional dual hot-swappable power supplies, although it is supplied with only one.
While initial IP address deployment is done via the console port, you then have to turn to the IntruShield Manager application, which has to be installed on a Windows 2000 server. At first, this isn't as simple as web-based management, but it provides greater scalability, a single point of management and a better overall network view. Also, replacing a damaged sensor should be as easy as switching the hardware over. The default installation uses a MySQL database, but you could use an existing Oracle database.
The centralized management is also good for updates. The IntruShield Manager downloads the latest attack signature updates and distributes them to connected sensors, ensuring that the whole network stays up to date. The console can also be integrated with Entercept host-based IDS sensors, so you've got one place to look for all of your security alerts.
Management is through a Java-based application, so you can access the console from anywhere. It's friendly to look at, with a tree view providing quick access to all elements of the network.
Network protection comes via security policies. The management system has predefined policies, but it's easy enough to create your own as IntruShield offers three levels of protection: signature, for known attacks; anomaly, to detect zero-day attacks; and DoS analysis. Crucially, for web servers, the device can decrypt and inspect SSL traffic, providing protection against encrypted attacks.