Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Focus-IDS
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

RE: IPS Reliability/Availability

from [j] Network Security [Permanent Link]
Subject: RE: IPS Reliability/Availability
Date: Wed, 15 Mar 2006 22:56:33 -0800 (PST) 
--- Mike Barkett <mbarkett@nfr.com> wrote:

The RISC based solution we are discussing is
markedly different in that it has none of the above, and it relies less on

load

balancing than traditional "sandwich" solutions.


OK. From bird?s-eye view, your solution looks like FWLB in a chassi, but this
forum is probably inappropriate place to discuss specifics of the NFR solution.
 

It's hard to be specific without knowing the details of load balancing.
However, let me try to list a few issues:
- Increased latencies and jitter in case of inline deployment.
- Burst loss. For example, try to do a deep inspection without loss of a >> 

  large TCP window of a single TCP session sent by a server or a test 

   device over a gige interface. 
   What's max burst you can process without loss?
- If traffic from a malicious source is distributed to several CPUs,it 
   will take you much longer or even impossible to detect the attack and 
   start dropping malicious traffic.

 

It's certainly understandable that you'd be skeptical about the numbers
being thrown around.  You're not the only one.  And  it's true that a poorly
Implemented distribution scheme will suffer from the problems you mention.
These are not new concerns, however, and the equipment and software that we
use to tackle the speed problem are specifically designed to handle these
challenges.  As someone said on a previous thread  (or was it this thread?),
let's wait until the third party numbers come out before passing judgment.

.......
Sure, however let?s keep in mind that the third parties don?t test for spike,
burst latencies and jitter in the IDP testing. See:

http://seclists.org/lists/focus-ids/2006/Feb/0018.html

Jack.

__________________________________________________
Do You Yahoo!?
Tired of spam?  Yahoo! Mail has the best spam protection around 
http://mail.yahoo.com 

------------------------------------------------------------------------
Test Your IDS

Is your IDS deployed correctly?
Find out quickly and easily by testing it 
with real-world attacks from CORE IMPACT.
Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708 
to learn more.
------------------------------------------------------------------------
[More messages with this same subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  RE: IPS Reliability/Availability, Mike Barkett
Next by Date:  Re: IDS Analyst skill set, Maarten Van Horenbeeck
Previous by Thread:  RE: IPS Reliability/Availability, Mike Barkett
Next by Thread:  IDS vs. IPS deployment feedback, watsont
Indexes:  [Date] [Thread] [Top] [All Lists]