Having just come back from a half day seminar with ISS, Nokia and Top Layer, I
might be able to help with this. Top Layer makes a switch that claims to be able
to handle gig interfaces and replicate them to a number of interfaces which can
be tied to I think up to 10 ISS IDS sensors. They do a round-robin load balance
to the sensors and claim this is the way they can monitor large pipes. Also ISS
now ships on the same Nokia platform that FW1 runs on which has a fast stack. The
url for Top Layer is www.toplayer.com , the concept of how they do there
switching looks interesting " layer 2 switching with layer 7 knowledge." And I
think any ids can be sitting of the load balanced ports.
daniel
Aaron Schultz wrote:
> I've found no product that can do network-based detection for 100+Mb
> environments. Currently we've decided on host-based IDS as our answer.
> Both ISS and Axent's products can do similar management of multiple hosts
> similar to network-based products including the ability to watch single
> port-scans across multiple hosts, etc. ISS and Axent are also
> multi-platform.
>
> - Aaron Schultz
> - [EMAIL PROTECTED]
> ------
>
> On Thu, 3 Aug 2000, Johnson, Carl wrote:
>
> > Bandwidth is an issue for me. I'm told by Cisco that
> > NetRanger (or Intrusion Detection System as it is called
> > now) also cannot monitor more than 100mbs.
> >
> > Does anything know of an IDS system that can go over 100mbs?
> > Perhaps with a gig interface? That is, if adequate monitoring
> > is even possible with today's hardware at those speeds!
> >
> > Thanks!
> > Carl
> >
> > > -----Original Message-----
> > > From: Aaron Schultz [mailto:[EMAIL PROTECTED]]
> > > Sent: Thursday, August 03, 2000 10:54 AM
> > > To: Firewalls LIST
> > > Subject: Re: Intrusion Detection
> > >
> > >
> > > I wouldn't promote NFR...
> > >
> > > They can't monitor much bandwidth...(ie: 100+Mbit)
> > > When I asked about monitoring any amount of bandwidth they sent me to
> > > voicemail and I wasn't called back until the sales associate
> > > decided it
> > > was time to check to see if I had received answers to my various
> > > questions. Furthermore, they claim the only way to monitor a decent
> > > amount of bandwidth is to put multiple NFR devices behind a
> > > foundry (or
> > > similar) switch, although they don't have true answers on how
> > > the machines
> > > coordinate their data when used seperately like this.
> > >
> > > NFR also lists only DESKTOP devices (ie: Compaq PCs) on their
> > > literature,
> > > not 1 piece of hardware listed was a decent server platform.
> > >
> > > I never made it to their evaluation of their product - I find their
> > > pre-sales support to be less than adequate. Currently the
> > > best answers
> > > for IDS (IMO) are:
> > > - Internet Security System's products
> > > - Axent's (now Norton's) product line
> > > (both have Windows agents)
> > >
> > > - Aaron Schultz
> > > - [EMAIL PROTECTED]
> > > ------
> > >
> > > On Thu, 3 Aug 2000, Fabio Pietrosanti wrote:
> > >
> > > > -----BEGIN PGP SIGNED MESSAGE-----
> > > > Hash: SHA1
> > > >
> > > > Network Flight Recorder, run only on Unix, but it's the
> > > BEST and the most
> > > > difficult to tune in my opinion. It use his N-Code for creating the
> > > > Backend filter.
> > > > look here http://www.nfr.net
> > > >
> > > > Pietrosanti Fabio I.NET SpA, High Quality Access
> > > to the Internet
> > > > e-mail: [EMAIL PROTECTED] ( Direzione Tecnica,
> > > Gruppo Firewall )
> > > > [EMAIL PROTECTED]
> > > > PGP Key (DSS)
> > http://naif.itapac.net/naif.asc
> > >
> > > Home Page URL: http://www.inet.it
> > > Sede: Via Caldera, 21 20153 Milano
> > > Tel: 02-409061 Fax: 02-40906303
> > > --
> > > Free advertising: www.openbsd.org - Multiplatform Ultra-secure OS
> > >
> > >
> > > On Thu, 3 Aug 2000, Rob Serfozo wrote:
> > >
> > > > We are investigating the installation of Intrusion Detection software.
> > > > Wondering if the list had any opinions good or bad towards any product.
> > We
> > > > are hoping to be able to run on a Windows platform. We are currently
> > using
> > > > a PIX firewall.
> > > >
> > > > Thanks,
> > > > Rob Serfozo
> > > >
> > > > -
> > > > [To unsubscribe, send mail to [EMAIL PROTECTED] with
> > > > "unsubscribe firewalls" in the body of the message.]
> > > >
> > > >
> > > -----BEGIN PGP SIGNATURE-----
> > > Version: GnuPG v1.0.1 (GNU/Linux)
> > > Comment: For info see http://www.gnupg.org
> > > Filter: gpg4pine 4.1 (http://azzie.robotics.net)
> > >
> > > iD8DBQE5iZc8dK5I1NnlcMYRArVIAJwLOjB3xWV8dJL8HcC2GN7JnvWBBwCgnN2v
> > > f/8+3RNhPbhLeFLQ7/hRqzY=
> > > =eoJG
> > > -----END PGP SIGNATURE-----
> > >
> > > -
> > > [To unsubscribe, send mail to [EMAIL PROTECTED] with
> > > "unsubscribe firewalls" in the body of the message.]
> > >
> >
> > -
> > [To unsubscribe, send mail to [EMAIL PROTECTED] with
> > "unsubscribe firewalls" in the body of the message.]
> > -
> > [To unsubscribe, send mail to [EMAIL PROTECTED] with
> > "unsubscribe firewalls" in the body of the message.]
> >
>
> -
> [To unsubscribe, send mail to [EMAIL PROTECTED] with
> "unsubscribe firewalls" in the body of the message.]
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
