
| Subject: | RE: RE: IPS Reliability/Availability |
|---|---|
| Date: | Sun, 12 Mar 2006 13:12:11 -0500 |
-----Original Message-----
From: y8k0vt3p@yahoo.com [mailto:y8k0vt3p@yahoo.com]
Sent: Friday, March 10, 2006 2:42 AM
To: focus-ids@securityfocus.com
Subject: Re: RE: IPS Reliability/Availability

The primary "con" is that it's a fairly new approach, and therefore it's difficult to get people on the bandwagon. - it's hard to convince people that this solution is actually as fast (or faster) than an ASIC solution for the same price. ASICs have been around a long time, and people have a kind of warm fuzzy from that older technology.

I'm wondering why CPU cluster technology that you are deploying is considered new in comparison to ASIC/FPGA/NP technology.

Primarily because it is newer than those technologies. Can you offer any examples in which this approach was applied to bundled network security point solutions prior to the advent of ASICs? But to your point... you're right that the concepts are similar in that, at some point, you ultimately reduce the problem to processors processing data. However, the RISC based solution removes "forklift upgrade" from the user's vocabulary.

Obviously, "software + CPU cluster" technology has some attractive properties.

However, it also has several nasty properties, especially in the IDS space. In addition, the problems get nastier with adding more CPUs to the cluster, so there is a limit how many CPUs you can put in a cluster.

For starters, if your load balancing scheme is based on TCP/UDP port numbers, you'll have a hard time detecting even a simple port scan.

- Jack

This might be partially true if the load balancing assumption were correct, but at least in the one implementation (NFR) with which I am familiar, it is not. Can you enumerate some of the inherent "nasty properties" to which you allude?

-MAB
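
The port-scan point raised above, under the load-balancing assumption stated in the message (which the reply disputes for NFR), as an added example that is not part of the original thread: per-node scan detectors that share no state are fed the same constructed traffic through two balancers. The cluster size, alert threshold, hash functions and all function names are assumptions made for illustration.

```python
from collections import defaultdict

NODES = 8        # assumed cluster size
THRESHOLD = 20   # assumed: distinct destination ports per source before a node alerts

def by_dst_port(pkt, nodes):
    # Balancer keyed on destination port: the scheme assumed in the thread.
    return pkt["dport"] % nodes

def by_src_ip(pkt, nodes):
    # Balancer keyed on source address: every packet from one source hits one node.
    return sum(int(octet) for octet in pkt["src"].split(".")) % nodes

def run_cluster(packets, balancer, nodes=NODES, threshold=THRESHOLD):
    """Feed packets to per-node scan detectors that share no state.

    Returns (alerts, widest): alerts is the set of sources some node flagged,
    widest maps each source to the most distinct ports any single node saw.
    """
    seen = [defaultdict(set) for _ in range(nodes)]
    alerts = set()
    for pkt in packets:
        ports = seen[balancer(pkt, nodes)][pkt["src"]]
        ports.add(pkt["dport"])
        if len(ports) >= threshold:
            alerts.add(pkt["src"])
    widest = defaultdict(int)
    for node in seen:
        for src, ports in node.items():
            widest[src] = max(widest[src], len(ports))
    return alerts, dict(widest)

def sample_traffic():
    # Constructed traffic (documentation address ranges): one source sweeps
    # ports 1-100 on a single host, two ordinary clients use web ports.
    scan = [{"src": "203.0.113.7", "dst": "192.0.2.10", "dport": p} for p in range(1, 101)]
    web = [{"src": s, "dst": "192.0.2.10", "dport": p}
           for s in ("198.51.100.4", "198.51.100.9") for p in (80, 443)]
    return scan + web

if __name__ == "__main__":
    for name, balancer in (("dst-port", by_dst_port), ("src-ip", by_src_ip)):
        alerts, widest = run_cluster(sample_traffic(), balancer)
        print(name, "alerts:", sorted(alerts), "widest view:", widest["203.0.113.7"])
```

With the port-keyed balancer the 100-port sweep is split so that no node sees more than 13 of the ports and none reaches the threshold; with the source-keyed balancer one node sees all 100.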