Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Focus-IDS
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: need help

from [tcp fin] Network Security [Permanent Link]
Subject: Re: need help
Date: Sun, 15 Aug 2004 05:18:02 -0700 (PDT) 
Hi Folks, 
yes very true latency play important role in Highspeed
networks when we deploy IPS in line. Latency can be
termed as the time taken by the IDS/IPS engine to
process the incoming packet and put it on to the
interface to let it GO to the destination or deny
depeding upon the rules configured for the packet
under inspection. As far as network bursts goes we are
talking about the combination of perfomrance and
processing capabilitites of IDS/IPS engine  as well as
the Hardware Memory and processing capabilities.
,Thanks for point ting this out .
regards 
tcpfin.
--- Stefano Zanero <stefano.zanero@ieee.org> wrote:


tcp fin wrote:


2. Throuput (If its Inline) 


Actually, if the IDS is IN line you actually want to
care about the 
_response time_ of the device (i.e. the additional
delay it adds to 
packet RTT times), which is not exactly the same
thing as the throughput.

If the IDS is _on line_ but not _in line_ (i.e. a
pure sniffer, not 
acting as a gateway, like most IDS products with no
IPS capabilities) 
you must all the same take into account the
_throughput_ of the device, 
since if the throughput is not high enough, the
device will lose 
packets, and therefore lose attacks.

You must also remember that even if your average
network usage is some X 
value, you must take into account network bursts,
and do appropriate 
capacity planning studies.

Stefano



--------------------------------------------------------------------------

Test Your IDS

Is your IDS deployed correctly?
Find out quickly and easily by testing it with
real-world attacks from CORE
IMPACT.
Go to


http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708

to learn more.


--------------------------------------------------------------------------







                
__________________________________
Do you Yahoo!?
Yahoo! Mail is new and improved - Check it out!
http://promotions.yahoo.com/new_mail

--------------------------------------------------------------------------
Test Your IDS

Is your IDS deployed correctly?
Find out quickly and easily by testing it with real-world attacks from CORE
IMPACT.
Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708 to 
learn more.
--------------------------------------------------------------------------
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Top Layer Attack Mitigator - Experience?, Michael McDonough
Next by Date:  Re: A Network IPS Proposal (was Definition of Zero Day Protection), Johnny Calhoun
Previous by Thread:  Re: need help, Stefano Zanero
Next by Thread:  Avoiding VLAN bridge with N-IDS?, Chris Conacher
Indexes:  [Date] [Thread] [Top] [All Lists]