IDS mailing list archives
RE: RE: IPS Reliability/Availability
From: "Mike Barkett" <mbarkett () nfr com>
Date: Sun, 12 Mar 2006 13:12:11 -0500
-----Original Message----- From: y8k0vt3p () yahoo com [mailto:y8k0vt3p () yahoo com] Sent: Friday, March 10, 2006 2:42 AM To: focus-ids () securityfocus com Subject: Re: RE: IPS Reliability/AvailabilityThe primary "con" is that it's a fairly new approach, and therefore it's difficult to get people on the bandwagon. - it's hard to convince people that this solution is actually as fast (or faster) than an ASIC solution for the same price. ASICs have been around a long time, and people have a kind of warm fuzzy from that older technology.I'm wondering why CPU cluster technology that you are deploying is considered new in comparison to ASIC/FPGA/NP technology.
Primarily because it is newer than those technologies. Can you offer any examples in which this approach was applied to bundled network security point solutions prior to the advent of ASICs? But to your point... you're right that the concepts are similar in that, at some point, you ultimately reduce the problem to processors processing data. However, the RISC based solution removes "forklift upgrade" from the user's vocabulary.
Obviously, "software + CPU cluster" technology has some attractive properties. However, it also has several nasty properties, especially in the IDS space. In addition, the problems get nastier with adding more CPUs to the cluster, so there are a limit how many CPUs you can put in a cluster. For starters, if your load balancing scheme is based on TCP/UDP port numbers, you'll have a hard time detecting even simple port scan. - Jack
This might be partially true if the load balancing assumption were correct, but at least in the one implementation (NFR) with which I am familiar, it is not. Can you enumerate some of the inherent "nasty properties" to which you allude? -MAB ------------------------------------------------------------------------ Test Your IDS Is your IDS deployed correctly? Find out quickly and easily by testing it with real-world attacks from CORE IMPACT. Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708 to learn more. ------------------------------------------------------------------------
Current thread:
- Re: RE: IPS Reliability/Availability y8k0vt3p (Mar 11)
- RE: RE: IPS Reliability/Availability Mike Barkett (Mar 14)
- <Possible follow-ups>
- RE: IPS Reliability/Availability Mike Barkett (Mar 16)
- RE: IPS Reliability/Availability j (Mar 16)