IDS inquisition

From: Casey DeBerry (cdeberry_at_navidec.com)
Date: 07/18/01


I have a client that would like to drop about 15 Real Secure sensors on
Solaris in various NAPs... The bandwidth in these locations varies from
fractional T1 to full DS3+. Guessing that the average Ultra 10 with
Real Secure installed and tuned (specific rule sets) can manage a full
T1 in terms of dropped packets... is that a false statement? Anyone
have a sensor watching DS3+ traffic? What kind of hardware requirements
am I looking at?
Should I look into other IDS software?
I recommended Snort, but they didn't like the idea of open source simply
because of the support aspects. Read a few articles including one from
securityportal that elects "Dragon" for heavy bandwidth
implementations... Have also talked with other vendors that swear that
their product stacked up 10X better than ISS... but they all say that,
don't they? Some real world experience would be much more satisfying.
Resources or knowledge of this would be greatly appreciated.

Thanks,
Casey DeBerry
cdeberry_at_navidec.com