Firewall Wizards mailing list archives

Re: Important Comments re: INtrusion Detection


From: Darren Reed <darrenr () cyber com au>
Date: Tue, 17 Feb 1998 15:40:40 +1100 (EST)

In some mail I received from Aleph One, sie wrote
[...]
> I will point to Moore's Law and to the "If you build it, they will come"
> philosophy.

I might use that as a counter argument and point out that it's ACLs and
other enhancements in routers/switches, which degrade performance, and
hence are less likely to attract.

> It may be true that such a system may overload much of today's
> hardware but this will probably not be the case two, three or five years
> into the future.

I'm not so sure.  Today, we are starting to see high-end firewalls
(your UltraSparcII @300MHz variety) perform reasonably well at T3
speeds.  Nobody yet will certify their firewalls at 100BaseT.  What
you appear to need is "tomorrow's" computer technology to deal with
"today's" networking requirements - for a firewall type application.

> The other argument is that there is hardware right now
> that can handle the load, it just happens to be very expensive. No one
> said this would be a cheap product. It may be that only organizations with
> a need for the highest security will be able to afford such a device.

What about the cost of building prototype(s)?  If very few can afford them
and they cost big bucks, then why wouldn't they go the same way as
supercomputers seem to have?

Darren

p.s. I wonder how long it would take the US government before it decided
they should be export controlled? :-)


