I would recommend a dual Xeon w/ 1 Gig of RAM for a saturated 100Mb segment.
This should give you 100% certainty of seeing all attacks on that segment.
If you need to scale beyond that you would need something like a Toplayer
switch.
----- Original Message -----
From: <[EMAIL PROTECTED]>
To: "Sadler, Connie J" <[EMAIL PROTECTED]>; "Mark, Johnston"
<[EMAIL PROTECTED]>; <[EMAIL PROTECTED]>
Sent: Wednesday, September 06, 2000 1:13 PM
Subject: RE: Real Secure Intrusion Detection
> Are you sure about this:
>
>
> According to ISS Real Secure 5.0 Getting Started Guide, it states the
> following:
>
>
> Setting up a system for a network sensor requires an understanding of
> several key variables:
>
> CPU type and speed
> RAM
> Sensor policy
> - signatures activated
> - responses activated
> Packets per second on network
> Packets that match active signatures
>
>
>
> Table 1 on page 3 describes system requirements that should work on lightly
> loaded networks (less than 30 MBps) for the variables listed above. For
> more heavily loaded networks (30-60 MBps), it is strongly
> recommended that you set up as powerful a system as you can.
>
> RAM
> In a heavily loaded network, RAM is vital. The network sensor is
> multi-threaded, so multiple processors will improve performance for a
> single engine. The performance impact on Solaris is greater than on
> Windows NT.
>
> Note: No matter how you set up your system, there may be some
> environments in which the RealSecure network sensor cannot process
> the network traffic. If this happens, reconfigure the network sensor to
> reduce the number of active signatures or responses.
>
>
> /mark
> At 10:09 AM 9/6/00 -0400, Sadler, Connie J wrote:
>
> >We completed an extensive eval including RealSecure. It is the best for
> >large pipes, as far as we are concerned - handles large volumes of traffic
> >well, and in fact, scales better than anything else we tested.
> >
> >Connie
> >
> >-----Original Message-----
> >From: Mark, Johnston [mailto:[EMAIL PROTECTED]]
> >Sent: Wednesday, September 06, 2000 6:09 AM
> >To: [EMAIL PROTECTED]
> >Subject: Real Secure Intrusion Detection
> >
> >
> >Hi,
> >
> >Does anyone have a site with RealSecure Intrusion detection ?
> >I've just gone to a demo .... and well the product didn't look half bad, but
> >I'm looking for some first hand experiences.
> >
> >Thanks
> >Mark
> >-
> >[To unsubscribe, send mail to [EMAIL PROTECTED] with
> >"unsubscribe firewalls" in the body of the message.]