IDS mailing list archives
RE: IPS Reliability/Availability
From: j <y8k0vt3p () yahoo com>
Date: Wed, 15 Mar 2006 22:56:33 -0800 (PST)
--- Mike Barkett <mbarkett () nfr com> wrote:
The RISC based solution we are discussing is markedly different in that it has none of the above, and it relies less on
load
balancing than traditional "sandwich" solutions.
OK. From birds-eye view, your solution looks like FWLB in a chassi, but this forum is probably inappropriate place to discuss specifics of the NFR solution.
It's hard to be specific without knowing the details of load balancing. However, let me try to list a few issues: - Increased latencies and jitter in case of inline deployment. - Burst loss. For example, try to do a deep inspection without loss of a >>
large TCP window of a single TCP session sent by a server or a test
device over a gige interface. What's max burst you can process without loss? - If traffic from a malicious source is distributed to several CPUs,it will take you much longer or even impossible to detect the attack and start dropping malicious traffic.
It's certainly understandable that you'd be skeptical about the numbers being thrown around. You're not the only one. And it's true that a poorly Implemented distribution scheme will suffer from the problems you mention. These are not new concerns, however, and the equipment and software that we use to tackle the speed problem are specifically designed to handle these challenges. As someone said on a previous thread (or was it this thread?), let's wait until the third party numbers come out before passing judgment.
....... Sure, however lets keep in mind that the third parties dont test for spike, burst latencies and jitter in the IDP testing. See: http://seclists.org/lists/focus-ids/2006/Feb/0018.html Jack. __________________________________________________ Do You Yahoo!? Tired of spam? Yahoo! Mail has the best spam protection around http://mail.yahoo.com ------------------------------------------------------------------------ Test Your IDS Is your IDS deployed correctly? Find out quickly and easily by testing it with real-world attacks from CORE IMPACT. Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708 to learn more. ------------------------------------------------------------------------
Current thread:
- Re: RE: IPS Reliability/Availability y8k0vt3p (Mar 11)
- RE: RE: IPS Reliability/Availability Mike Barkett (Mar 14)
- <Possible follow-ups>
- RE: IPS Reliability/Availability Mike Barkett (Mar 16)
- RE: IPS Reliability/Availability j (Mar 16)