Inside The Network Intrusion-Prevention Hype
Executive Summary: NIP Systems
By Mike Fratto Courtesy of Network Computing

Remember Star Wars? Not the movie, the ballistic missile defense system. In 1983, President Reagan was bullish on his vision of gigantic, high-tech lasers that would vaporize any missile daring to enter U.S. airspace.

Listen to NIP system vendors, and you may have flashbacks to that scary time. Back then, it was the Democrats who questioned spending billions of dollars on the off chance of being able to shoot down an object smaller than a

Volkswagen Beetle streaking through space at 10,000 miles per hour. Today, analysts and some industry pundits are taking aim at the very legitimacy of the intrusion-prevention vision and suggesting that the functionality ought to be incorporated into firewalls.

We disagree, at least for the foreseeable future. NIP systems have a place in a comprehensive security scheme. At the very least, they can buy you time to patch. We tested the NetScreen-IDP 500 and Network Associate's McAfee IntruShield 4000 in our Syracuse University Real-World Labs and found that each did a good job blocking known attacks, though we did need to be selective about blocking so as not to shun legitimate traffic.

After firing our arsenal of malicious packets at the devices in a controlled environment, then deploying them on our live network, we gave the IntruShield 4000 our Editor's Choice award. Though it's much pricier than the IDP 500, it showed fine performance up to 1.2 Gbps, with average latency of just 1 to 2 ms.

SJ