Sample RFP for IPS Implementation

 
 
By Cameron Sturdevant  |  Posted 2005-02-07
 
 
 
 
 
 
 

To help IT managers develop a request for proposal for prospective intrusion prevention system vendors, eWEEK Labs suggests a series of questions that can serve as a starting point.

An IPS is a complex, frequently updated combination of hardware and software that protects against active hostile network attacks.

To help IT managers develop an RFP (request for proposal) for prospective intrusion prevention system vendors, eWEEK Labs has put together a series of capacity and performance questions that can serve as a starting point.

With this product area, adding organization-specific details could expose vulnerabilities that are too sensitive for a sales proposal. We recommend adding dummy data to the proposal to mask the true composition of the network.

For an IPS evaluation to have a meaningful outcome, there is no substitute for knowing and understanding the up-to-the-minute configuration of your network. Many IPS vendors have told us that they've found traffic flows on their customers' networks that were previously unknown. Such a surprise during an IPS test should signal not only that an IPS is needed but also that additional focus on network security is warranted.

1. Who are the top two scientists in charge of technical development of the IPS?

2. Assuming that power to the unit will not be interrupted, under what conditions can the device become a single point of failure?

3. What is the minimum amount of network downtime required to install the IPS?

4. What is the maximum number of computer systems that can be protected per IPS? Or, if the answer depends on the computing environment, describe a formula including factors such as IP connection setup/tear-down per second, traffic types and at least three other factors that could be used to reasonably predict the minimum number of IPS devices required to protect 100 Web servers.

5. As clearly as possible, describe the essential hardware that differentiates your product from other available products.

6. As clearly as possible, describe the essential software that differentiates your product from other available products.

7. What is the capacity (usually measured in gigabits per second) of the backplane of the IPS models offered by your company?

8. Assuming the OSI seven-layer network model, specify all the layers at which your product offers protection.

9. Describe a reasonable scenario that would produce a 500-microsecond latency in a packet flow.

10. Does the IPS provide rate shaping to ensure that known, normal traffic flows are given priority over unknown traffic flows?

11. In the last six months, what was the shortest period of time between the releases of two signature updates?

12. Define "high availability" for your product (that is, hot failover or load balancing or a combination thereof) and provide a diagram showing how the high-availability options work.

13. For each of the following characteristics, cite the most relevant user documentation (book and starting page number):

a. Handling anomalous traffic

b. DoS and DDoS

c. SYN flood

d. Process table flood

e. Managing multiple IPS device configurations

f. Reporting blocked traffic

14. For each of the following pieces of network equipment, indicate whether the IPS provides specific protection:

(Reader: Provide a list of all the routers, switches and firewalls used at your organization that will also be protected by the IPS. Be specific, providing model and operating system information.)

 
 
 
 
Cameron Sturdevant is the executive editor of Enterprise Networking Planet. Prior to ENP, Cameron was technical analyst at PCWeek Labs, starting in 1997. Cameron finished up as the eWEEK Labs Technical Director in 2012. Before his extensive labs tenure Cameron paid his IT dues working in technical support and sales engineering at a software publishing firm. Cameron also spent two years with a database development firm, integrating applications with mainframe legacy programs. Cameron's areas of expertise include virtual and physical IT infrastructure, cloud computing, enterprise networking and mobility. In addition to reviews, Cameron has covered monolithic enterprise management systems throughout their lifecycles, providing the eWEEK reader with all-important history and context. Cameron takes special care in cultivating his IT manager contacts, to ensure that his analysis is grounded in real-world concern. Follow Cameron on Twitter at csturdevant, or reach him by email at cameron.sturdevant@quinstreet.com.
 
 
 
 
 
 
 
