I'm not aware of any offhand but when I was at
NetRanger/Cisco IDS class awhile ago the instructor
hinted at gig being in the works but I have no idea
where that stands now. I don't deal with IDS on a
regular basis at moment (looking to move more into
security area).
My knowledge with IDS (Network IDS) in general is that
all of them are going to have issues with monitoring
high bandwidth connections, and analyzing the traffic
effectively. To me, this requires lots of CPU and
memory since you need to keep track of connections and
have a buffer/cache to piece fragments, packets, etc
back together to properly detect a exploit, attack,
etc. Breaking down your segments and having multiple
IDSs would help but that would get costly.
- Erick
--- "Johnson, Carl" <[EMAIL PROTECTED]>
wrote:
> Bandwidth is an issue for me. I'm told by Cisco
> that
> NetRanger (or Intrusion Detection System as it is
> called
> now) also cannot monitor more than 100mbs.
>
> Does anything know of an IDS system that can go over
> 100mbs?
> Perhaps with a gig interface? That is, if adequate
> monitoring
> is even possible with today's hardware at those
> speeds!
>
> Thanks!
> Carl
>
> > -----Original Message-----
> > From: Aaron Schultz [mailto:[EMAIL PROTECTED]]
> > Sent: Thursday, August 03, 2000 10:54 AM
> > To: Firewalls LIST
> > Subject: Re: Intrusion Detection
> >
> >
> > I wouldn't promote NFR...
> >
> > They can't monitor much bandwidth...(ie: 100+Mbit)
> > When I asked about monitoring any amount of
> bandwidth they sent me to
> > voicemail and I wasn't called back until the sales
> associate
> > decided it
> > was time to check to see if I had received answers
> to my various
> > questions. Furthermore, they claim the only way
> to monitor a decent
> > amount of bandwidth is to put multiple NFR devices
> behind a
> > foundry (or
> > similar) switch, although they don't have true
> answers on how
> > the machines
> > coordinate their data when used seperately like
> this.
> >
> > NFR also lists only DESKTOP devices (ie: Compaq
> PCs) on their
> > literature,
> > not 1 piece of hardware listed was a decent server
> platform.
> >
> > I never made it to their evaluation of their
> product - I find their
> > pre-sales support to be less than adequate.
> Currently the
> > best answers
> > for IDS (IMO) are:
> > - Internet Security System's products
> > - Axent's (now Norton's) product line
> > (both have Windows agents)
> >
> > - Aaron Schultz
> > - [EMAIL PROTECTED]
> > ------
> >
> > On Thu, 3 Aug 2000, Fabio Pietrosanti wrote:
> >
> > > -----BEGIN PGP SIGNED MESSAGE-----
> > > Hash: SHA1
> > >
> > > Network Flight Recorder, run only on Unix, but
> it's the
> > BEST and the most
> > > difficult to tune in my opinion. It use his
> N-Code for creating the
> > > Backend filter.
> > > look here http://www.nfr.net
> > >
> > > Pietrosanti Fabio I.NET SpA, High
> Quality Access
> > to the Internet
> > > e-mail: [EMAIL PROTECTED] ( Direzione Tecnica,
> > Gruppo Firewall )
> > > [EMAIL PROTECTED]
> > > PGP Key (DSS)
> http://naif.itapac.net/naif.asc
> >
> > Home Page URL: http://www.inet.it
> > Sede: Via Caldera, 21 20153
> Milano
> > Tel: 02-409061 Fax:
> 02-40906303
> > --
> > Free advertising: www.openbsd.org - Multiplatform
> Ultra-secure OS
> >
> > On Thu, 3 Aug 2000, Rob Serfozo wrote:
> >
> > > We are investigating the installation of
> Intrusion Detection software.
> > > Wondering if the list had any opinions good or
> bad towards any product.
> We
> > > are hoping to be able to run on a Windows
> platform. We are currently
> using
> > > a PIX firewall.
__________________________________________________
Do You Yahoo!?
Kick off your party with Yahoo! Invites.
http://invites.yahoo.com/
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
