Firewall Wizards mailing list archives
Re: Important Comments re: INtrusion Detection
From: Doug Hughes <Doug.Hughes () Eng Auburn EDU>
Date: Wed, 18 Feb 1998 08:05:53 -0600
Aleph One wrote:
> On Tue, 17 Feb 1998, Darren Reed wrote:
>
> > I might use that as a counter argument and point out that it's ACLs and other enhancements in routers/switches, which degrade performance, and are hence less likely to attract.
> >
> > [ snip ]
> >
> > I'm not so sure. Today, we are starting to see high-end firewalls (your UltraSparcII @300mhz variety) perform reasonably well at T3 speeds. Nobody yet will certify their firewalls at 100BaseT. What you appear to need is "tomorrow's" computer technology to deal with "today's" networking requirements - for a firewall type application.
>
> Both of these issues are the same. The simple answer is that you don't deal with it. You do not use 100BaseT, use 10BaseT instead. You don't use the latest whizbang feature of the router but use simpler protocols. It's the age-old tradeoff between performance, security and cost. That being said, I believe a good scalable design would work even for tomorrow's requirements.
I'm not sure it would work. Even with Moore's law, network bandwidth is growing at least as fast (many network people say faster) than modern machines can handle it. So, it is at least possible that you will not stay even with this sort of setup and may even have worse performance as OC3, OC-12, OC-24, +++, come online. Your active IDS/switch/gateway has the not so unlikely potential to be a humongous bottleneck. It would be a hard sell to include such things in switches (to the switch manufacturers) as they've been looking to simplify and streamline, relying on such things as fixed header sizes, cut-through, etc., to get their speeds up. The underlying packet will be the same, but you won't be able to fast-switch anymore if you have to look at variable offsets in the payload of packets. There'd sure have to be a lot of demand from the customers..

--
Doug Hughes                              Engineering Network Services
System/Net Admin                         Auburn University
doug () eng auburn edu
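The distinction Doug draws above, between a forwarding decision made from fields at fixed or header-derived offsets and an IDS check that must walk the variable-length payload, can be made concrete in a few lines. The following is an added example, not code from the list post or from any product mentioned in the thread; the addresses, the single ACL rule and the signature string are constructed for the demonstration. It counts how many bytes of each packet the two kinds of check have to touch.

```python
import struct

# Constructed sample addresses for the demo (not from the original post).
SRC = bytes([10, 0, 0, 1])
DST = bytes([192, 0, 2, 10])


def build_packet(src, dst, sport, dport, payload):
    """Build a minimal IPv4/TCP packet (no Ethernet framing, zero checksums)."""
    ihl = 5  # 20-byte IPv4 header, no options
    total_len = 20 + 20 + len(payload)
    ip = struct.pack("!BBHHHBBH4s4s",
                     (4 << 4) | ihl, 0, total_len, 0, 0, 64, 6, 0, src, dst)
    # TCP: ports, seq, ack, data offset 5 (20 bytes), flags PSH|ACK, window, csum, urg
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, 0x18, 65535, 0, 0)
    return ip + tcp + payload


def acl_decision(pkt, rules):
    """Stateless ACL on protocol, destination address and destination port.
    Every field sits at a fixed or header-derived offset, so the number of
    bytes examined is bounded by the header size regardless of packet length.
    Returns (verdict, bytes_examined)."""
    ihl = (pkt[0] & 0x0F) * 4
    proto = pkt[9]
    dst = pkt[16:20]
    sport, dport = struct.unpack_from("!HH", pkt, ihl)
    examined = ihl + 4  # IP header plus the two TCP port fields
    for rule in rules:
        if rule["proto"] == proto and rule["dst"] == dst and rule["dport"] == dport:
            return rule["action"], examined
    return "deny", examined


def payload_match(pkt, signature):
    """Content check: walk the variable-length payload for a byte signature.
    Returns (matched, bytes_examined); the count grows with payload length."""
    ihl = (pkt[0] & 0x0F) * 4
    doff = (pkt[ihl + 12] >> 4) * 4
    payload = pkt[ihl + doff:]
    idx = payload.find(signature)
    scanned = len(payload) if idx < 0 else idx + len(signature)
    return idx >= 0, ihl + doff + scanned


def compare(payload, signature=b"cmd.exe"):
    """Run both checks on a constructed packet carrying the given payload."""
    pkt = build_packet(SRC, DST, 40000, 80, payload)
    rules = [{"proto": 6, "dst": DST, "dport": 80, "action": "permit"}]  # made-up rule
    verdict, acl_bytes = acl_decision(pkt, rules)
    matched, scan_bytes = payload_match(pkt, signature)
    return {"verdict": verdict, "acl_bytes": acl_bytes,
            "matched": matched, "scan_bytes": scan_bytes}


if __name__ == "__main__":
    for body in (b"", b"A" * 64, b"A" * 1460, b"GET /cmd.exe"):
        print(len(body), compare(body))
```

The ACL lookup touches 24 bytes whether the payload is empty or a full 1460-byte segment; the signature scan touches the whole segment when nothing matches, which is the cost that a cut-through design built around fixed header sizes cannot absorb.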
Current thread:
- Re: Important Comments re: INtrusion Detection, (continued)
- Re: Important Comments re: INtrusion Detection Adam Shostack (Feb 18)
- Re: Important Comments re: INtrusion Detection Paul M. Cardon (Feb 18)
- Re: Important Comments re: INtrusion Detection Paul D. Robertson (Feb 16)
- Re: Important Comments re: INtrusion Detection tqbf (Feb 16)
- Re: Important Comments re: INtrusion Detection Aleph One (Feb 16)
- Re: Important Comments re: INtrusion Detection Darren Reed (Feb 16)
- Re: Important Comments re: INtrusion Detection Paul M. Cardon (Feb 17)
- Re: Important Comments re: INtrusion Detection Aleph One (Feb 17)
- Re: Important Comments re: INtrusion Detection Darren Reed (Feb 17)
- Re: Important Comments re: INtrusion Detection Aleph One (Feb 17)
- Re: Important Comments re: INtrusion Detection Doug Hughes (Feb 18)
- Re: Important Comments re: INtrusion Detection Darren Reed (Feb 14)
- Re: Important Comments re: INtrusion Detection Paul D. Robertson (Feb 15)
- Re: Important Comments re: INtrusion Detection marc (Feb 15)
- Re: Important Comments re: INtrusion Detection tqbf (Feb 15)
- Re: Important Comments re: INtrusion Detection Steven M. Bellovin (Feb 15)
- Re: Important Comments re: INtrusion Detection Aleph One (Feb 15)
- Re: Important Comments re: INtrusion Detection Steven M. Bellovin (Feb 16)