That is a lot of horsepower to monitor a 100mb segment, there must be a
different approach in capturing 100mbs
type traffic.
/mark
At 11:24 AM 9/7/00 -0400, Carric Dooley wrote:
>I would recommend a dual Xeon w/ 1 Gig of RAM for a saturated 100Mb segment.
>This should give you 100% certainty of seeing all attacks on that segment.
>If you need to scale beyond that you would need something like a Toplayer
>switch.
>
>
>----- Original Message -----
>From: <[EMAIL PROTECTED]>
>To: "Sadler, Connie J" <[EMAIL PROTECTED]>; "Mark, Johnston"
><[EMAIL PROTECTED]>; <[EMAIL PROTECTED]>
>Sent: Wednesday, September 06, 2000 1:13 PM
>Subject: RE: Real Secure Intrusion Detection
>
>
> > Are you sure about this:
> >
> >
> > According to ISS Real Secure 5.0 Getting Started Guide, it states the
> > following:
> >
> >
> > Setting up a system for a network sensor requires an understanding of
> > several key variables:
> >
> > CPU type and speed
> > RAM
> > Sensor policy
> > - signatures activated
> > - responses activated
> > Packets per second on network
> > Packets that match active signatures
> >
> >
> >
> > Table 1 on page 3 describes system requirements that should work on
>lightly
> > loaded networks (less than 30 MBps) for the variables listed above. For
> > more heavily loaded networks (30-60 MBps), it is strongly
> > recommended that you set up as powerful a system as you can.
> >
> > RAM
> > In a heavily loaded network, RAM is vital. The network sensor is
> > multi-threaded, so multiple processors will improve performance for a
> > single engine. The performance impact on Solaris is greater than on
> > Windows NT.
> >
> > Note:No matter how you set up your system, there may be some
> > environments in which the RealSecure network sensor cannot process
> > the network traffic. If this happens, reconfigure the network sensor to
> > reduce the number of active signatures or responses.
> >
> >
> > /mark
> > At 10:09 AM 9/6/00 -0400, Sadler, Connie J wrote:
> >
> > >We completed an extensive eval including RealSecure. It is the best for
> > >large pipes, as far as we are concerned - handles large volumes of
>traffic
> > >well, and in fact, scales better than anything else we tested.
> > >
> > >Connie
> > >
> > >-----Original Message-----
> > >From: Mark, Johnston [mailto:[EMAIL PROTECTED]]
> > >Sent: Wednesday, September 06, 2000 6:09 AM
> > >To: [EMAIL PROTECTED]
> > >Subject: Real Secure Intrusion Detection
> > >
> > >
> > >Hi,
> > >
> > >Does anyone have a site with RealSecure Intrusion detection ?
> > >I've just gone to a demo .... and well the product didn't look half bad,
>but
> > >I'm looking for some first hand experiences.
> > >
> > >Thanks
> > >Mark
> > >-
> > >[To unsubscribe, send mail to [EMAIL PROTECTED] with
> > >"unsubscribe firewalls" in the body of the message.]
> > >-
> > >[To unsubscribe, send mail to [EMAIL PROTECTED] with
> > >"unsubscribe firewalls" in the body of the message.]
> >
> > -
> > [To unsubscribe, send mail to [EMAIL PROTECTED] with
> > "unsubscribe firewalls" in the body of the message.]
> >
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
