RE: IDS\IPS that can handle one Gig

From: Andrew Plato (andrew.plato_at_anitian.com)
Date: 05/25/05

    Date: Tue, 24 May 2005 17:09:34 -0700
    To: <focus-ids@securityfocus.com>
    
    

    DISCLAIMER: I am a greedy IPS reseller. ;-)
     
    Lots of IPSs can handle 1GB.

    TippingPoint 1200, 2400, or 5000 (5GB!)
    ISS G1000, G2000
    FortiGate 1000 or better
    Juniper
    Etc.

    Lots of them fail at 1GB because that's a buttload-O-packets to handle.
    Especially if they're little UDP packets. The thing is, they can say
    they're rated to 1GB because they can, theoretically, handle 1GB. But,
    the only way to get there is with a paltry policy set that only checks a
    few things.

    If you need raw ungodly performance, you might want to stick to the
    ASIC-based IPSs. They tend to be faster and have a much lower latency.
    This would be TippingPoint and FortiGate. I don't think McAfee uses
    ASICs, but I don't know. ISS, Juniper, Symantec, Cisco, etc. are all
    software running on some OS.

    ASICs also have the added benefit that they are more secure as an
    appliance. It's almost totally impossible to crack an ASIC-based system.
    The OS-based IPSs usually run on top of some hardened Linux or BSD
    kernel. Which means, it's possible (although unlikely) that a root
    exploit to the Linux kernel could turn your security appliance into an
    insecurity appliance.

    ___________________________________
    Andrew Plato, CISSP
    President/Principal Consultant
    Anitian Enterprise Security

    -----Original Message-----
    From: Randall Jarrell [mailto:rgj@msn.com]
    Sent: Thursday, May 19, 2005 8:28 AM
    To: focus-ids@securityfocus.com
    Subject: IDS\IPS that can handle one Gig

    Greetings,

    We are currently evaluating IDS\IPS vendors. We have tried two vendors,
    whom I will not name unless you ask me, that have made claims that they
    can handle a Gig of throughput but actually start to fail around the
    300-500MB range.

    Could anyone share a success story of a vendor they are using that is
    handling this type of traffic?

    Thanks in advance,

    -RGJ
