Firewall Wizards mailing list archives

Re: Important Comments re: INtrusion Detection


From: Doug Hughes <Doug.Hughes () Eng Auburn EDU>
Date: Wed, 18 Feb 1998 08:05:53 -0600


Aleph One wrote:
On Tue, 17 Feb 1998, Darren Reed wrote:

I might use that as a counter argument and point out that it's ACLs and
other enhancements in routers/switches, which degrade performance, and
are hence less likely to attract.

[ snip ]

I'm not so sure.  Today, we are starting to see high-end firewalls
(your UltraSparcII @300mhz variety) perform reasonably well at T3
speeds.  Nobody yet will certify their firewalls at 100BaseT.  What
you appear to need is "tomorrow's" computer technology to deal with
"today's" networking requirements - for a firewall type application.

Both of these issues are the same. The simple answer is that you don't deal
with it. You do not use 100BaseT, use 10BaseT instead. You don't use the
latest whizbang feature of the router but use simpler protocols. It's the age
old tradeoff between performance, security and cost. That being said I
believe a good scalable design would work even for tomorrow's requirements.


I'm not sure it would work. Even with Moore's law, network bandwidth
is growing at least as fast (many network people say faster) than modern
machines can handle it. So, it is at least possible that you will not
stay even with this sort of setup and may even have worse performance
as OC3, OC-12, OC-24, +++, come online.  Your active IDS/switch/gateway
has the not so unlikely potential to be a humungous bottleneck.
It would be a hard sell to include such things in switches (to the
switch manufacturers) as they've been looking to simplify and streamline,
relying on such things as fixed header sizes, cut through, etc., to get
their speeds up. The underlying packet will be the same, but you won't
be able to fast switch anymore if you have to look at variable offsets
in the payload of packets.
There'd sure have to be a lot of demand from the customers.

--
____________________________________________________________________________
Doug Hughes                                     Engineering Network Services
System/Net Admin                                Auburn University
                        doug () eng auburn edu
