DP Inspector 100e
Full stateful inspection firewall.
Not a dedicated IPS.
More of a firewall with IPS built in, the DPI 100e is better suited to smaller or branch offices. Enterprises will need better security overall, though.
Barbedwire's 1U DPI 100e is a firewall product that uses a 2GHz Celeron processor and 256MB RAM to provide enough power to run its IDS/IPS services.
Initial configuration is either through the console port or, more easily, by using the default IP address to connect to the web-based management. Once connected there's a set-up wizard, which gets your basic port settings configured quickly; this lets you decide how to configure the four Fast Ethernet ports. At least two have to be dedicated to the firewall (internal and external networks), which leaves two for the IDS system.
Unfortunately, there's no inline mode on the firewall. The manual suggests configuring a switch for port mirroring. However, switches often fail to forward packets at high loads, so we'd recommend using a hardware tap instead. Then you need to configure the IDS system and tell it which IP addresses you want to look at.
Next, you need to configure the IDS rules to choose the types of attacks you want to look at. There is a comprehensive list of attack signatures, neatly categorized and put into groups. It's easy to turn them on and off.
The default rules for the IDS system just govern reporting; you can, for example, send an email each time a rule is triggered. As the DPI 100e is also a firewall, though, you can change the configuration to automatically block source and destination traffic when a rule is triggered. It's a quick, effective way to stop attacks.
To help build up security, the DPI 100e also has a security vulnerability scanner, so you can use this to bolster a machine's security and block holes at the machine end, rather than reacting to attacks later.
It's a very easy system to use due to the excellent web interface and intuitive controls. It's also good to see this functionality in an appliance. But it can't handle as much throughput as dedicated IPS appliances, and doesn't have an inline mode or the same range of tools and detection methods.
As such, it would suit smaller firms or branch networks, where performance is less of an issue and it makes more sense to buy one box for all jobs. Larger networks, though, are better off buying a dedicated IPS appliance.