I am wondering what really differentiate b/w deep inspection and IDP, both are IPS. i know deep inspection is aimed towards small businesses contrary to IDP. But my question s that am i right in considering deep inspection as same as IDP on attack signatures but differ in performance or they both have different number of signatures and deep inspection is unable to stop all attacks which IDP does.
I mean number of attacks prevented are same for both devices or not.
There are a couple White Papers that explain DI and IDP. You do need to fill out a quick form to view the White Papers, but they are very good.
Datasheet for IDP: -------------------
http://www.juniper.net/products_and_services/intrusion_prevention_solutions/idp_50_slash_200_slash_600_slash_1100/ which has pointer to White Papers under the Literature Tab: http://www.juniper.net/solutions/literature/white_papers/wp_idp.pdf
http://www.juniper.net/products/intrusion/dsheet/110037.pdf More than 5000 signatures
Datasheet for SSG500 Series: ----------------------------- http://www.juniper.net/products_and_services/firewall_slash_ipsec_vpn/ssg_500_series/index.html
which has pointer to White Papers under the Literature Tab: http://www.juniper.net/solutions/literature/white_papers/deep_inspection_wp.pdf
DI is loosely based on IDP. When you want write a custom signature, your best bet is with IDP. DI is not able to process complex inspection of signatures, so if the signature you write is fairly detailed (like a P2P signature), DI will not be able to handle that. I usually recommend using DI only with the pre-defined signatures and anamolies that are downloadable. Anything more specific should be handled with IDP.
I've also been searching for a comparison between DI and IDP and Google returned this PDF file ( http://www.indevis.de/dokumente/netscreen_isg_faqs_2005.pdf ). In it, at page 6, a "DI vs. IDP Comparison Guide" is mentioned, but I couldn't find it anywhere. Is that comparison guide still available anywhere?
