Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Focus-IDS
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

RE: IDS\IPS that can handle one Gig

from [Andrew Plato] Network Security [Permanent Link]
Subject: RE: IDS\IPS that can handle one Gig
Date: Tue, 24 May 2005 17:09:34 -0700 
DISCLAIMER: I am a greedy IPS reseller. ;-)
 
Lots of IPSs can handle 1GB.

TippingPoint 1200, 2400, or 5000 (5GB!) 
ISS G1000, G2000
FortiGate 1000 or better
Juniper
Etc. 

Lots of them fail at 1GB because that's a buttload-O-packets to handle.
Especially if they're little UDP packets. The thing is, they can say
they're rated to 1GB because they can, theoretically handle 1GB. But,
the only way to get there is with a paltry policy set that only checks a
few things.  

If you need raw ungodly performance, you might want to stick to the
ASIC-based IPSs. They tend to be faster and have a much lower latency.
This would be TippingPoint and Fortigate. I don't think McAfee uses
ASICs, but I don't know. ISS, Juniper, Symantec, Cisco, etc. are all
software running on some OS.  

ASICs also have the added benefit that they are more secure as an
appliance. Its almost totally impossible to crack an ASIC-based system.
The OS-based IPSs usually run on-top of some hardened Linux or BSD
kernel. Which means, its possible (although unlikely) that a root
exploit to the Linux kernel could turn your security appliance into an
insecurity appliance.

___________________________________
Andrew Plato, CISSP
President/Principal Consultant
Anitian Enterprise Security



-----Original Message-----
From: Randall Jarrell [mailto:rgj@msn.com] 
Sent: Thursday, May 19, 2005 8:28 AM
To: focus-ids@securityfocus.com
Subject: IDS\IPS that can handle one Gig

Greetings,

We are currently evaluating IDS\IPS vendors. We have tried two vendors,
whom I will not name unless you ask me, that have made claims that they
can handle a Gig of through put but actually start to fail around the
300-500MB range.

Could anyone share a success story of a vendor they are using that is
handling this type of traffic?

Thanks in advance,

-RGJ

------------------------------------------------------------------------
--

Test Your IDS

Is your IDS deployed correctly?
Find out quickly and easily by testing it with real-world attacks from
CORE IMPACT.
Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708
to learn more.
------------------------------------------------------------------------
--




--------------------------------------------------------------------------
Test Your IDS

Is your IDS deployed correctly?
Find out quickly and easily by testing it with real-world attacks from 
CORE IMPACT.
Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708 
to learn more.
--------------------------------------------------------------------------
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: Packet/Protocol Anomaly Detection with IDS, hibano haleluya
Next by Date:  RE: IDS ISS, PPowenski
Previous by Thread:  IDS\IPS that can handle one Gig, Brian Blankenship
Next by Thread:  Re: IDS\IPS that can handle one Gig, Jonathan Glass
Indexes:  [Date] [Thread] [Top] [All Lists]