Firewall Wizards mailing list archives
Re: IDS: Net Ranger vs. RealSecure vs. NFR
From: Robert Graham <robert_david_graham () yahoo com>
Date: Tue, 6 Jul 1999 16:16:29 -0700 (PDT)
I hate to do this, but.... BlackICE can handle fully loaded 100-mbps without too much trouble. You can get an eval if you send a request to "sales () networkice com" and give a fax number for the eval agreement. It also currently detects more signatures than RealSecure, NetRanger, or NFR variants. The current list can be found at: http://netice.com/advice/intrusions I can attest to the high analysis rate because I run it on personal workstation at 148,800 frames/second of TCP/IP traffic. I have to tweak it massively (choose just the right card, tweak buffers and processor affinity, etc.) to get those numbers, but I think it will work fine in an average environment with 50,000 180-byte packets/second. The downside is that it currently runs only on WinNT (though a non-promiscuous, "personal" version runs on Win95/Win98). Also, to reach those traffic rates, you need a dual-CPU machine and a high-end NIC. Rob. --- SiOL CERT <cert () siol net> wrote:
Hi. I have two intrusion detection systems on a trial run, but have to chose the big winner. Both of them have been recommended as the cream of the crop and 'best money can buy', but from the wrong persons. One of them is Cisco's Net Ranger Director, which uses HP OpenView as a GUI (not prefered) and other one is ISS' Real Secure, which is a bit of a pain because I'd need to set a machine on each segment of the network I want to monitor. The third IDS is my personal favorite NFR's Network Flight Recorder (ever since I read the white paper), but I need more informations about all of the mentioned IDS systems (especially cons, pros are more or less known). The network in question is an ISP's public part of the system, which means I need some detection system than can swallow more than 70Mbit traffic on the fly. Thanks in advance, Saso
_________________________________________________________ Do You Yahoo!? Get your free @yahoo.com address at http://mail.yahoo.com
Current thread:
- IDS: Net Ranger vs. RealSecure vs. NFR SiOL CERT (Jul 05)
- Re: IDS: Net Ranger vs. RealSecure vs. NFR Carric Dooley (Jul 06)
- <Possible follow-ups>
- Re: IDS: Net Ranger vs. RealSecure vs. NFR Vin McLellan (Jul 06)
- Re: IDS: Net Ranger vs. RealSecure vs. NFR Robert Graham (Jul 08)