Re: Realsecure
From: malj31 (malj31@dial.pipex.com)Date: 10/13/01
- Previous message: virtualphil: "Re: Realsecure"
- In reply to: Bob Walder: "RE: Realsecure"
- Next in thread: Stover, S.f.: "Re: Realsecure"
- Next in thread: Peters, Michael D.: "RE: Realsecure"
- Reply: Stover, S.f.: "Re: Realsecure"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Message-ID: <001201c153d0$7d74bcb0$0301a8c0@holly> From: "malj31" <malj31@dial.pipex.com> To: <focus-ids@securityfocus.com> Subject: Re: Realsecure Date: Sat, 13 Oct 2001 11:19:02 +0100
Is it true that in order for an IDS system to be included in your testing
that you charge the company? If so does this not affect your opinion if the
company declines to pay?
----- Original Message -----
From: "Bob Walder" <bwalder@nss.co.uk>
To: <focus-ids@securityfocus.com>
Sent: Wednesday, October 10, 2001 6:29 PM
Subject: RE: Realsecure
> Sorry to nit pick, but in our testing we found that RealSecure cannot
handle
> anything like 100Mbps in terms of raw sniffing speed with small packets.
>
> We are re-doing our testing this year with additional participants and
> including a "real world" packet mix to try and give people an idea of how
> these things will perform in a "real" network (how long is a piece of
> string....). Unfortunately, ISS has declined to participate - read into
that
> what you will!
>
> Of course, one of the best performing products we found last year was
> NetworkICE, so it will be interesting to see what happens when ISS manages
> to incorporate the BlackICE sniffing engine into its NIDS product -
> hopefully they will feel a bit more confident about participating in tests
> at that point....
>
> For now, if performance is an issue, best avoid RealSecure
>
> Regards,
>
> Bob Walder
> Director
>
> The NSS Group
> England
>
> E-Mail: bwalder@nss.co.uk
> Internet: http://www.nss.co.uk
>
> -----Original Message-----
> From: Jeroen Wortelboer [mailto:jwortel@carotechnology.com]
> Sent: 10 October 2001 08:00
> To: yh lee; focus-ids@securityfocus.com
> Subject: Re: Realsecure
>
>
> For me it's always more a matter of what kind of staff you have walking
> around. If you have Unix people and a nice budget, go for the Unix
> option. If not, the NT option will do fine.
>
> In my experience, the Unix option performs a bit better because most
> unix boxes and os-es handle task switches better (faster).
> I am not sure but I beleive the windows version still uses a method of
> capturing frames one by one so that every frames needs a task switch.
>
> I talked to them briefly some time ago about using a bucket system for
> the windows sensors (even got a working driver for it) but never heard
> from it again. Perhaps is't already in there....
>
> Is speed really an issue in your case ? In most cases the ISP is the
> bottleneck of the overall system. Realsecure can handle speeds up to
> 100Mbps so you must have a nice uplink ;-)
> Perhaps you can use a span-port-switch-trick so that you only see the
> incoming traffic from you ISP but not the other frames on you DMZ. (if
> you want that ofcourse) A packet filter in the policy can also help a
> lot in gaining speed.
>
> Jeroen
>
>
> > hi
> >
> > is it better to run Realsecure Network sensor on Windows NT
> > or SUn solaris in terms of performance ??
> >
> > what are the pros and cons of running on NT??
> >
> > thanks
> >
> > ekim
> >
> > _________________________________________________________________
> > Get your FREE download of MSN Explorer at
> http://explorer.msn.com/intl.asp
> >
> >
>
>
- Previous message: virtualphil: "Re: Realsecure"
- In reply to: Bob Walder: "RE: Realsecure"
- Next in thread: Stover, S.f.: "Re: Realsecure"
- Next in thread: Peters, Michael D.: "RE: Realsecure"
- Reply: Stover, S.f.: "Re: Realsecure"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
