IDS mailing list archives
RE: IDS\IPS that can handle one Gig
From: "Andrew Plato" <andrew.plato () anitian com>
Date: Tue, 24 May 2005 17:09:34 -0700
DISCLAIMER: I am a greedy IPS reseller. ;-) Lots of IPSs can handle 1GB. TippingPoint 1200, 2400, or 5000 (5GB!) ISS G1000, G2000 FortiGate 1000 or better Juniper Etc. Lots of them fail at 1GB because that's a buttload-O-packets to handle. Especially if they're little UDP packets. The thing is, they can say they're rated to 1GB because they can, theoretically handle 1GB. But, the only way to get there is with a paltry policy set that only checks a few things. If you need raw ungodly performance, you might want to stick to the ASIC-based IPSs. They tend to be faster and have a much lower latency. This would be TippingPoint and Fortigate. I don't think McAfee uses ASICs, but I don't know. ISS, Juniper, Symantec, Cisco, etc. are all software running on some OS. ASICs also have the added benefit that they are more secure as an appliance. Its almost totally impossible to crack an ASIC-based system. The OS-based IPSs usually run on-top of some hardened Linux or BSD kernel. Which means, its possible (although unlikely) that a root exploit to the Linux kernel could turn your security appliance into an insecurity appliance. ___________________________________ Andrew Plato, CISSP President/Principal Consultant Anitian Enterprise Security -----Original Message----- From: Randall Jarrell [mailto:rgj () msn com] Sent: Thursday, May 19, 2005 8:28 AM To: focus-ids () securityfocus com Subject: IDS\IPS that can handle one Gig Greetings, We are currently evaluating IDS\IPS vendors. We have tried two vendors, whom I will not name unless you ask me, that have made claims that they can handle a Gig of through put but actually start to fail around the 300-500MB range. Could anyone share a success story of a vendor they are using that is handling this type of traffic? Thanks in advance, -RGJ ------------------------------------------------------------------------ -- Test Your IDS Is your IDS deployed correctly? Find out quickly and easily by testing it with real-world attacks from CORE IMPACT. Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708 to learn more. ------------------------------------------------------------------------ -- -------------------------------------------------------------------------- Test Your IDS Is your IDS deployed correctly? Find out quickly and easily by testing it with real-world attacks from CORE IMPACT. Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708 to learn more. --------------------------------------------------------------------------
Current thread:
- IDS\IPS that can handle one Gig Randall Jarrell (May 19)
- Re: IDS\IPS that can handle one Gig Joel Esler (May 24)
- Re: IDS\IPS that can handle one Gig Byron L. Sonne (May 24)
- Re: IDS\IPS that can handle one Gig Konstantin V. Gavrilenko (May 24)
- Re: IDS\IPS that can handle one Gig Barrett G . Lyon (May 28)
- Re: IDS\IPS that can handle one Gig Surasak H. (May 24)
- <Possible follow-ups>
- IDS\IPS that can handle one Gig Brian Blankenship (May 24)
- RE: IDS\IPS that can handle one Gig Andrew Plato (May 28)
- Re: IDS\IPS that can handle one Gig Jonathan Glass (May 31)
- Re: IDS\IPS that can handle one Gig James Blake (May 28)
- RE: IDS\IPS that can handle one Gig THolman (May 28)
- RE: IDS\IPS that can handle one Gig Prashant Khandelwal (May 31)