Re: ISS Site Protector WAN Performance Issues

From: SJ (sjnospam_at_yahoo.com)
Date: 05/29/03


Date: 29 May 2003 09:33:19 -0700


"Alexander Delarge" <alex@nowhere.com> wrote in message news:<ZNnBa.1061942$S_4.1071593@rwcrnsc53>...
> > Alex
> > Thank you for the input, but I left out a key bit of information. I
> > have several sensors distributed around the WAN over several different
> > links. The SP server is at the location with the most sensors. The
> > product is supposed to be scalable this way.
>
> Well, 150 Kbps every 2 minutes isn't exactly a tidal wave of traffic. You
> could increase the bandwidth on your WAN links, that seems the most obvious.
> You could also cut down the number of sensors. 4 sensors is a lot of IDS
> capability. I am assuming these are RealSecure 7.0, 100 mbps sensors. That's
> 400 mbps of IDS capability being shoved through a 512kbps WAN link. I think
> that's a little much to expect of any technology.
>
> Alex

I do not think 150kbps is a lot every 2 minutes. 4x150 is, especially
on a 512 kbps link. Cutting down on the sensors is an option, with
redesign of Internet accessible DMZs and screened subnets. These are
only monitoring at the most 6mb links to the internet.
Even if we were monitoring gb links, the only traffic that should be
significant should be event traffic and I would buy your argument.

However, this is not related to events/second but to Site Protector
sensor polling for status information.

Is it really too much to ask of a multiple tier solution to function
as a multiple tier solution and reduce bandwidth utilization? Even if
I could make a case for a full T-1 to the sites, 600 to 700 kbps every
2 minutes for a solid 40 seconds is unacceptable.

Maybe I am being unreasonable in my expectations, but this behaviour
is not acceptable in an Enterprise Application.

SJ


