Poll: Have You Used Penetration Testing Services?

Posted in Penetration Testing, Polls, Security by Dragan Pleskonjic @ Dec 14, 2009

I invite you to answer the poll question “Have you used penetration testing services?” (in the column on the right of this blog). Possible answers are:

  1. Yes
  2. No
  3. Have I used… what?
  4. I provide those services

Thank you for voting.

The Wikipedia article defines a penetration test this way:

A penetration test is a method of evaluating the security of a computer system or network by simulating an attack from a malicious source, known as a Black Hat Hacker, or Cracker. The process involves an active analysis of the system for any potential vulnerabilities that may result from poor or improper system configuration, known and/or unknown hardware or software flaws, or operational weaknesses in process or technical countermeasures. This analysis is carried out from the position of a potential attacker, and can involve active exploitation of security vulnerabilities. Any security issues that are found will be presented to the system owner together with an assessment of their impact and often with a proposal for mitigation or a technical solution. The intent of a penetration test is to determine feasibility of an attack and the amount of business impact of a successful exploit, if discovered. It is a component of a full security audit.

See more here.


IPS, Whom to believe: Gartner or NSS Labs?

In its Magic Quadrant for Network Intrusion Prevention System Appliances, dated April 14, 2009, Gartner positioned TippingPoint and Juniper Networks as leaders in the field, together with McAfee and Sourcefire.

However, these days (December 2009), there is a lot of talk about the discouraging results of tests done by NSS Labs on the IPS solutions of these companies.

An independent test and evaluation of 15 different network intrusion-protection system products from seven vendors showed none were fully effective in warding off attacks against Microsoft, Adobe and other programs. NSS Labs, which conducted the test without vendor sponsorship of any kind, also evaluated the 15 network IPS offerings for their capability in responding to “evasions,” attacks delivered in an obfuscated and stealthy manner in order to hide. In that arena, Juniper Networks and TippingPoint didn’t perform particularly well. Juniper IPS scored lowest at only 17% effectiveness. Here is the article on NetworkWorld. In that arena, the McAfee and IBM IPS held up particularly well.

TippingPoint’s president Allan Kessler posted his view in a blog post. Also, this topic became active on the SecurityFocus mailing lists, in Focus on IDS (here).

It is my belief that this report and these tests will affect the IPS market, but also trust in various reports from [independent] research and testing houses.

Updated on December 11th, 2009: Also see Rick Moy’s blog post “Network IPS Group Test Results Available”.
