Network Security Focus-IDS

Re: ASIC Based IPS

Subject: Re: ASIC Based IPS
Date: Fri, 15 Apr 2005 10:18:55 -0400

Richard,

Myself and my team have been programming on CloudShield's IDE for a good 6 months now. We have been doing very complicated processes at line-rate and we are able to do nearly anything we can think of with the packet. It's a heavy learning curve and a lot of nuances to pick up, but for the most part -- a good platform. I'm sure the CS guys would thank me for that comment ;)

The 10k foot view of the device: Under the hood they have a bunch of NPs that feed into FPGAs that glue together a lot of ASIC based tools. So when you code, you can use an ASIC like it is a function in your program. It also has an on-board PC so you can interact with the network with any scripting/code you can think of; it's a lot of fun.

Our (Prolexic's) network takes a pretty heavy load (1-10+ Million PPS) from time-to-time, and if our network did not perform we would have a customer retention problem -- we built one of the first securenet/IPN (Intrusion Prevention Networks). So when you are making things that are "out of the box", it's hard to buy something that fits perfectly within your specifications.

Along with IPS in general, I think a lot of the devices out there have some pretty good rate-limiting and SYN flood mitigation; however, they all seemed to miscalculate the sheer amount of processing power it takes to do deep packet inspections and protocol verification. Our network is currently representing about 10 Terahertz of processing ability just for the DPI, so hoping a single FPGA based hardware device will do the trick may be a bad idea. Also, most devices cannot handle out-of-state TCP based attacks (see: Riverhead), so keep your eyes out on that too.

-Barrett


Barrett G. Lyon
Chief Technology Officer
Prolexic Technologies - The leaders in DDoS Security!



