Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Focus-IDS
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

RE: ASIC Based IPS

from [THolman] Network Security [Permanent Link]
Subject: RE: ASIC Based IPS
Date: Wed, 30 Mar 2005 16:59:38 -0500 
Hi Sid,

Just because an IPS device uses an ASIC or two, does NOT mean it is very
fast.

The key to speed and low latency is ARCHITECTURE.

For example, a device that uses a single ASIC to process all network data
will not be much faster than a PC using a single Intel processor.
The benefits of speed come about when you start using ASICs in parallel -
so, one ASIC to carry out L2 checks, one ASIC to carry out L3 checks and so
forth.  Furthermore, such a device needs a backplane and network processors
that support such a design.

A good, parallel-ASIC design thus enables vendors to claim high speed and
low latency.

Another very important point to consider is whether or not the vendor uses
off-the-shelf general network ASICs (which offer good network level L2/L3/L4
performance), or use ASICs that are designed from the ground up to handle
the very different nature of L5-L7 packet contents.

It is also important to consider whether or not there is a dedicated ASIC
on-board to handle each of the separate functions that you would expect from
an IPS, instead of cramming multiple functions into two or three ASICs and
thus affecting latency and performance.

What you should also look for is a device which uses FPGAs - these are in
effect programmable ASICs (as off the shelf ASICs are read-only, FPGAs are
the writable versions that allow direct coding of the processors).  Use of
FPGAs enable vendors to keep their devices up-to-date and relevant to the
current network security landscape.  The ability to write a
signature/protocol check into machine code and put it on a processor has a
HUGE impact on the performance of the device as opposed to one that uses
either standard ASICs or PC-based hardware.

Gartner's Seven Key Selection Criteria for Network IPS should also assist
you in selecting an IPS.  Although performance is important, this details 6
other criteria that are crucial in product selection.

Hope this helps !

Cheers,

Tim

Tim Holman
Security Consultant (EMEA)
Top Layer Networks Inc

 
-----Original Message-----
From: Siddharth Phadnis [mailto:siddharth.phadnis@impetus.co.in] 
Sent: 29 March 2005 12:27
To: IDS FOCUS
Subject: ASIC Based IPS

Hi everyone,

Currently a lot of IPS vendors talk about their devices being very fast 
being based on ASIC. Just out of curiosity, I would be glad if someone 
could point me towards how all the signatures and analysis/blocking 
software works from ASIC and how does that affect the latency which is 
introduced into traffic because I believe the full packet payload will 
have to be inspected in case of application layer anomalies.

Thanks and Regards,
Sid.


--------------------------------------------------------------------------
Test Your IDS

Is your IDS deployed correctly?
Find out quickly and easily by testing it with real-world attacks from 
CORE IMPACT.
Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708 
to learn more.
--------------------------------------------------------------------------

--------------------------------------------------------------------------
Test Your IDS

Is your IDS deployed correctly?
Find out quickly and easily by testing it with real-world attacks from 
CORE IMPACT.
Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708 
to learn more.
--------------------------------------------------------------------------
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Metrics when comparing MSSPs, Bob Huber
Next by Date:  RE: IDS Evaluation, Matt Foster
Previous by Thread:  ASIC Based IPS, Siddharth Phadnis
Next by Thread:  Behavior anomaly IDS attacks, Drew Simonis
Indexes:  [Date] [Thread] [Top] [All Lists]