Re: Realsecure

From: Jeroen Wortelboer (jwortel@carotechnology.com)
Date: 10/10/01


Date: Wed, 10 Oct 2001 09:00:11 +0200
Message-Id: <200110100700.JAA32240@mailhost2.freehosting.nl>
From: "Jeroen Wortelboer" <jwortel@carotechnology.com>
To: "yh lee" <micklee74@hotmail.com>, focus-ids@securityfocus.com
Subject: Re: Realsecure

For me it's always more a matter of what kind of staff you have walking
around. If you have Unix people and a nice budget, go for the Unix
option. If not, the NT option will do fine.

In my experience, the Unix option performs a bit better because most
Unix boxes and OSes handle task switches better (faster).
I am not sure but I believe the Windows version still uses a method of
capturing frames one by one so that every frame needs a task switch.

I talked to them briefly some time ago about using a bucket system for
the Windows sensors (even got a working driver for it) but never heard
from it again. Perhaps it's already in there....

Is speed really an issue in your case? In most cases the ISP is the
bottleneck of the overall system. Realsecure can handle speeds up to
100Mbps so you must have a nice uplink ;-)
Perhaps you can use a span-port-switch-trick so that you only see the
incoming traffic from your ISP but not the other frames on your DMZ. (if
you want that of course) A packet filter in the policy can also help a
lot in gaining speed.

Jeroen

> hi
>
> is it better to run Realsecure Network sensor on Windows NT
> or Sun Solaris in terms of performance ??
>
> what are the pros and cons of running on NT??
>
> thanks
>
> ekim
>


