Re: Re: Changes in IDS Companies?From: Aaron Turner (email@example.com)
- Previous message: Andrew Plato: "Re: Changes in IDS Companies?"
- In reply to: Proxy Administrator: "Re: Re: Changes in IDS Companies?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Sat, 9 Nov 2002 09:22:50 -0800 From: Aaron Turner <firstname.lastname@example.org> To: Proxy Administrator <email@example.com>
On Tue, Nov 05, 2002 at 08:32:51AM -0000, Proxy Administrator wrote:
> Aiguo Fei wrote :
> >>so you wouldn't miss any attack that it *could* detect.
> >This is NOT true. If the IDS system doesn't have enough
> >processing >power or doesn't have a good enough performance,
> >under certain load >it may fail to process(analyze) the packet to
> >catch the attack (of >course it has to let it pass through to
> >fullfill the inlining >requirement).
> Hmmm... is this true for any other system out there which is
> placed inline? I thought this issue would be handled the same way
> a firewall would handle it.
I've gotta agree with Proxy Admin here... failing open is NOT acceptable.
The solution to the performance issue is either a more powerful device or
some means to do load balancing.
-- Aaron Turner <aturner at pobox.com|synfin.net> http://synfin.net/aturner They that can give up essential liberty to obtain a little temporary safety deserve neither liberty nor safety. -- Benjamin Franklin
pub 1024D/F86EDAE6 Sig: 3167 CCD6 6081 0FFC B749 9A8F 8707 9817 F86E DAE6 All emails by me are PGP signed; a lack of a signature indicates a forgery.
- application/pgp-signature attachment: stored