Firewall Wizards mailing list archives

Re: Important Comments re: INtrusion Detection


From: Aleph One <aleph1 () dfw dfw net>
Date: Mon, 16 Feb 1998 23:27:42 -0600 (CST)

On Tue, 17 Feb 1998, Darren Reed wrote:

I might use that as a counter argument and point out that it's ACL's and
other enhancements in routers/switches, which degrade performance, and
hence are less likely to attract.

[ snip ]

I'm not so sure.  Today, we are starting to see high-end firewalls
(your UltraSparcII @300MHz variety) perform reasonably well at T3
speeds.  Nobody yet will certify their firewalls at 100BaseT.  What
you appear to need is "tomorrow's" computer technology to deal with
"today's" networking requirements - for a firewall type application.

Both of these issues are the same. The simple answer is that you don't deal
with it. You do not use 100BaseT, use 10BaseT instead. You don't use the
latest whiz-bang feature of the router but use simpler protocols. It's the
age-old tradeoff between performance, security and cost. That being said I
believe a good scalable design would work even for tomorrow's requirements.

What about the cost of building prototype(s) ?  If very few can afford them
and they cost big bucks, then why wouldn't they go the same way as super-
computers seem to have ?

I doubt I would compare it to building supercomputers. The challenge is
more on a par with building terabit routers and there are already a few
companies out there with plans or prototypes of such devices.

Darren

p.s. I wonder how long it would take the US government before it decided
they should be export controlled ? :-)

The second a non-US company starts making them ;)

Aleph One / aleph1 () dfw net
http://underground.org/
KeyID 1024/948FD6B5 
Fingerprint EE C9 E8 AA CB AF 09 61  8C 39 EA 47 A8 6A B8 01 


