Welcome, Guest. Please login or register.
Did you miss your activation email?
Sunday 24 November 2024, 09:18:02 am

Login with username, password and session length

Download the latest community FREE version  HERE
14261 Posts in 4377 Topics by 6517 Members
Latest Member: Sandro
Search:     Advanced search
+  EFW Support
|-+  Support
| |-+  Installation Support
| | |-+  IS the commercial ENDIAN product dead?
0 Members and 1 Guest are viewing this topic. « previous next »
Pages: [1] Go Down Print
Author Topic: IS the commercial ENDIAN product dead?  (Read 9251 times)
bendeliduka
Jr. Member
*
Offline Offline

Posts: 4


« on: Saturday 21 May 2011, 06:00:11 am »

The commercial product available for virtual demonstration is version 2.4.0, the community edition available for download is 2.4.1

both exhibit some flaws that call into question the quality of the underlying code.

Freshly boot either system and System | Dashboard the "Intrusion Detection" is listed as OFF, yet when I move to the Services menu (on the top) and select Intrusion Prevention (Same thing, just could not settle on a naming convention?) it is shown as running (green box).

clicking on the box turns the IPS off, and alerts to the effect that it is being turned off.  Clicking again on the gray box turns it back on.

Additionally, the documentation is somewhat unclear on how the IPS works, but...
(docs.endian.com/services.html#intrusion-prevention) does indicate under the RULES heading that
Code:
...By default the policy of all rulesets is to alert.  This behavior can be changed by clicking on 
the alert icon and it will turn into a red shield.  This means that after clicking on the Apply button the
 chosen ruleset will not cause alerts anymore but will block traffic that matches its rules...

The above is only partially correct.  Experience indicates that while the icon changes to a red sheild, the matching traffic is NOT BLOCKED but is ALERTED.

Rebooting the system and verifying the rules are still set "correctly" confirms the result are inconsistent with the documentation and the expectations from the GUI interface.

Most of the documentation on the Endian Knowledgebase (kb.endian.com) is years old and out of date (version 1.x releases)

Don't get me wrong.  I am a huge fan if linux and the GUI interface looks like something I could train less skilled network administrative staff to manage.  But the serious defects in functionality degrades the products usefulness below community/commercial standards.

The only way I was able to block the the traffic was to create Outbound firewall rules to block the IP Ranges.
I'm saddened to see a product with such promise having such poor support and out of date documentation, a total lack of informational howto's (the list goes on)

There is additional functionality that would make the logging and tracking behavior more interesting as well...
like the ability of the logs to show WHY traffic was DROPPED and the ability to negative filter and drop 'chatter' from the lots while looking for specific traffic (like suppressing all the windows broadcast crap)


Logged
Pages: [1] Go Up Print 
« previous next »
Jump to:  

Page created in 0.047 seconds with 18 queries.
Powered by SMF 1.1 RC2 | SMF © 2001-2005, Lewis Media Design by 7dana.com