Re: Realsecure

From: Jeff Nathan (jeff@wwti.com)
Date: 10/17/01 

Message-ID: <3BCDBAE5.A54D2803@wwti.com>
Date: Wed, 17 Oct 2001 10:07:49 -0700
From: Jeff Nathan <jeff@wwti.com>
To: Carric Dooley <carric@com2usa.com>
Subject: Re: Realsecure

Carric Dooley wrote:
>
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Check the Enterasys site.. they are developing an open-source tool for
> traffic generation. They talked about it at the IO Wargames in DC. They
> said it would be out this year. It's what they use to test dragon.

I appreciate you pointing out the development of a tool. However, this
falls into the category of any number of existing tools. The number of
hosts required to simulate an enterprise network given any number of
tools, open source or not, is prohibitive enough to dictate that an
Enterprise network, a *real* Enterprise network is required. As I said
before, tools designed to simulate traffic do not test an entire ID
system, they simply test small portions of the overall system. Consider
that a modern ID system isn't comprised of just a single component but
many sub components. These include packet capture mechanisms,
defragmenters, stream reassemblers, data normalization mechanisms,
detection engines and output mechanisms.

To test network ID systems, they should be set-up as they would be
deployed in the Enterprise and exposed to real traffic.

I hope we'll see a well thought out framework for testing network ID
systems that covers these sort of requirements in the future.

-Jeff

> -----BEGIN PGP SIGNATURE-----
> Version: PGP 6.5.1
> Comment: Made with pgp4pine 1.75-6
>
> iQA/AwUBO82PzlUqWOkDpMZ2EQIa2wCfQQDs+O8aOHFbZ1Rvtf4bdeyctpEAoI74
> 4qR5iKdhZuIdvSqBeFkehXNZ
> =mIrs
> -----END PGP SIGNATURE----- 

-- 
http://jeff.wwti.com            (pgp key available)
"Perhaps the greatest responsibility in promoting peace is that of
punishing those who would threaten it."
- me