IDS mailing list archives

Re: need help


From: Stefano Zanero <stefano.zanero () ieee org>
Date: Tue, 10 Aug 2004 18:52:51 +0200

tcp fin wrote:

2. Throughput (If it's Inline)

Actually, if the IDS is IN line you actually want to care about the _response time_ of the device (i.e. the additional delay it adds to packet RTT times), which is not exactly the same thing as the throughput.

If the IDS is _on line_ but not _in line_ (i.e. a pure sniffer, not acting as a gateway, like most IDS products with no IPS capabilities) you must all the same take into account the _throughput_ of the device, since if the throughput is not high enough, the device will lose packets, and therefore lose attacks.

You must also remember that even if your average network usage is some X value, you must take into account network bursts, and do appropriate capacity planning studies.

Stefano
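
The capacity-planning point above, as an added example that is not part of the original message: a small fluid-queue model of a sensor fed with smooth and with bursty traffic of the same average load. The tick length, the capacity and buffer figures, and the traffic patterns are constructed assumptions, not measurements of any product.

```python
def simulate_sensor(offered, capacity, buffer_size):
    """Fluid model of a sensor (an assumed model, not a real product).

    Each tick the sensor receives offered[i] units of traffic, inspects at
    most `capacity` units, and can hold at most `buffer_size` units of
    backlog. A passive sniffer drops whatever does not fit; on an in-line
    device the backlog shows up as extra delay on the forwarded packets.
    """
    backlog = dropped = max_backlog = 0
    for arriving in offered:
        backlog += arriving
        backlog -= min(backlog, capacity)      # work done during this tick
        if backlog > buffer_size:              # buffer overflow: packets lost
            dropped += backlog - buffer_size
            backlog = buffer_size
        max_backlog = max(max_backlog, backlog)
    total = sum(offered)
    return {
        "average_load": total / len(offered),
        "loss_ratio": dropped / total,
        "max_added_delay_ticks": max_backlog / capacity,
    }


# Constructed traffic: both patterns average 40 units per tick, below the
# sensor's capacity of 50, but BURSTY delivers 120 units in 2 ticks out of 10.
CAPACITY = 50
SMOOTH = [40] * 1000
BURSTY = ([120] * 2 + [20] * 8) * 100


def compare():
    return {
        # Passive sniffer with a small capture buffer.
        "smooth_passive": simulate_sensor(SMOOTH, CAPACITY, 64),
        "bursty_passive": simulate_sensor(BURSTY, CAPACITY, 64),
        # In-line device with a buffer large enough never to drop.
        "bursty_inline": simulate_sensor(BURSTY, CAPACITY, 10**9),
    }


if __name__ == "__main__":
    for name, result in compare().items():
        print(name, result)
```

With identical average load, the bursty pattern makes the passive sensor lose part of the traffic it was supposed to inspect, while the in-line device trades that loss for added delay.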
