Intrusion-prevention ability rounds out a top-notch product
BY JORDAN WIENS
Good
* Install and management process greatly improved
* New signature language offers additional features and ease of use
* Intrusion-prevention capability is a solid start
Bad
* Software-only Dragon receiving less emphasis
* Intrusion-prevention response types still need work
Once a monster in the IDS market, Enterasys' Dragon Intrusion Detection System started losing its competitive edge in versions 5 and 6. But fresh features in a sharp new appliance have restored Dragon to its former glory.
Starting with version 7.1, the version I tested in the University of Florida network lab, the Dragon appliance comes with intrusion-prevention features that distinguish it from Enterasys' earlier software-only Dragon solutions.
Load and Go
The Dragon gigabit appliance came loaded with two on-board copper ports, a two-port gigabit copper PCI card and a two-port LC fiber card. Usually, the appliance is configured with four additional fiber or copper ports, instead of two of each. Inside the chassis, a custom install based on Slackware Linux runs on dual 3.4-GHz hyperthreading Intel Xeon processors and 2 GB of RAM.
Setup is simple. It's based on the Zero G InstallAnywhere Java installer, which establishes the type of deployment, interface configuration and basic device settings. I used a standalone installation, and all management IPs were set to the lab network IP of the device. I used one of the on-board ports for a management interface and assigned it that address. A crossover cable connected one PCI port to my test client, which would serve as an attacker; the other PCI port was connected directly into the network.
InstallAnywhere was also used when I installed the management client onto another test server. Since the management client is Java, the installer provides...