Network Security FullDisclosure

Re: [Full-disclosure] Suggestion for IDS

Subject: Re: [Full-disclosure] Suggestion for IDS
Date: Wed, 28 Sep 2005 13:35:21 -0400
> I suspect the argument here has to be cost-for-cost - in the price range for a decent beefy OpenBSD box you aren't going to be using FWSMs, and I can quite believe that the PIXen in that price range don't perform - the PIX 501 is specced at 60MB/s throughput and the cheapest retail price I can find for it is $678 for the unlimited license version - for the same money you can get a beefy PC which will push quite a bit more than 60MB/s

Okay .. I'll bite.

That 501 is also the size of two decks of cards, laid side-by-side .. and will run tirelessly without any intervention for years (it doesn't even have a fan). I've personally deployed HUNDREDS of these things and never yet seen one go bad without help from lightning. PC power supplies, on the other hand .. frequently fall victim to dustbunnies.

I can also FedEx a replacement 501 to Timbuktu for no more than $30 (it's like 5 lbs well-packaged) .. and get it there by 8am the next day. GROUND service on a whole PC is around twice that.

> FWSMs appear to retail around $23,000 - that's on top of the 6500 chassis and line cards you need to use it - not exactly a fair comparison.

Yeah, but who pays retail for Cisco gear? .. Everywhere I've worked, we've been at close to half of list -- and you get loads of Cisco people that'll happily assist with your (no matter how ridiculous) config -- they even usually speak English (usually...).


> For that money you could quite easily put together a farm of boxes that would exceed 5GB/s throughput aggregate - whether you'd want to is a different question.

Yeah .. you could fill a 19" rack full of servers and accomplish the same thing .. but I highly doubt you'd end up accomplishing the same reliability (and to do 5gb, you'd only really need a 6503, SUP-2, and whatever interface card you want to use -- although you could get away using the two gig ports on the sup).


As for cost .. keep in mind what type of interfaces, RAID, memory, etc. you've got to have to accomplish 5gb ... you can't just slap 5 gigE cards on your PCI bus and expect not to have interrupt and PCI bandwidth issues.

Besides .. when we're talking "enterprise-class" networking, what would you rather have? .. two racks of BSD boxes with all sorts of complicated tricks to keep them load-balanced and redundant? .. or two 6503s where you can upgrade the IOS in 5 minutes and hot-swap anything?

~Mike.
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
