McAfee IntruShield 2700
- By Greg Crowe
- Sep 07, 2006
Built for speed: The pricey IntruShield 2700 can handle 600 Mbps of network traffic.
The IntruShield 2700 is a big-time IPS, with the highest throughout support of all the devices we tested, at 600 Mbps. The 2U, rack-mountable appliance comes with six 10/100 Ethernet traffic ports that can be configured one-by-one to serve most network protection needs, plus it has two Gigabit traffic ports, three 10/100 response ports, a 10/100 management port and two serial ports (one console and one auxiliary). It even has an external compact flash port for importing/exporting certificate data.
Like the Juniper IDP 200, the IntruShield requires a management server, which connects through the management port. You can run the software on just about any Windows Server 2003 system or buy it prepackaged in the IntruShield Security Manager appliance ($12,995).
You start by establishing a serial connection with the sensor to set up the IP address of the management port, identify the management server, set the sensor name and create a shared secret key for use within the sensor management program.
Then the management server must be connected to the network, and the sensor added to the management program, using the sensor name and shared key created earlier. At this point, you can access the manager from any client machine by browsing to the management server's IP address.
We found the client interface to be clunky, though, with a primary screen that displayed the number of alerts and little else. We had to click around before finding the configuration page we needed. Fortunately, McAfee says it's coming out with a new user interface that looks to be a vast improvement, based on the screenshots they showed us.
The traffic ports can be configured in a variety of ways, which is probably the IntruShield's greatest strength. You can pair any of them for inline mode, set them up with a certain response port, or set them individually as sniffer ports. Once we configured the ports (we only needed to set one pair as pass-through ports), it was easy to adjust the security policies to stop all incoming attacks.
The IntruShield 2700 sells for $34,995, which is pricey even considering its port flexibility. But it does include server management software that supports up to two sensors.
If your agency has a large network and regularly adds or changes subnetworks, the IntruShield 2700 may be worth every penny.
McAfee Inc., Santa Clara, Calif., (888) 847-8766, www.mcafee.com
Greg Crowe is a former GCN staff writer who covered mobile technology.