IDS mailing list archives

Previous By Date Next
Previous By Thread Next

RE: RE: IPS Reliability/Availability

From: "Mike Barkett" <mbarkett () nfr com>
Date: Sun, 12 Mar 2006 13:12:11 -0500
-----Original Message-----
From: y8k0vt3p () yahoo com [mailto:y8k0vt3p () yahoo com]
Sent: Friday, March 10, 2006 2:42 AM
To: focus-ids () securityfocus com
Subject: Re: RE: IPS Reliability/Availability


The primary "con" is that it's a fairly new approach, and therefore it's
difficult to get people on the bandwagon.
- it's hard to convince people that this solution is actually as
fast (or faster) than an ASIC solution for the same price. ASICs have
been around a long time, and people have a kind of warm fuzzy from that
older technology.


I'm wondering why CPU cluster technology that you are deploying is
considered new in comparison to ASIC/FPGA/NP technology.


Primarily because it is newer than those technologies.  Can you offer any
examples in which this approach was applied to bundled network security
point solutions prior to the advent of ASICs?

But to your point... you're right that the concepts are similar in that, at
some point, you ultimately reduce the problem to processors processing data.
However, the RISC based solution removes "forklift upgrade" from the user's
vocabulary.


Obviously, "software + CPU cluster" technology has some attractive
properties.
However, it also has several nasty properties, especially in the IDS
space. In addition, the problems get nastier with adding more CPUs to the
cluster, so there are a limit how many CPUs you can put in a cluster.
For starters, if your load balancing scheme is based on TCP/UDP port
numbers,
            you'll have a hard time detecting even simple port scan.

- Jack


This might be partially true if the load balancing assumption were correct,
but at least in the one implementation (NFR) with which I am familiar, it is
not.  Can you enumerate some of the inherent "nasty properties" to which you
allude?

-MAB


------------------------------------------------------------------------
Test Your IDS

Is your IDS deployed correctly?
Find out quickly and easily by testing it 
with real-world attacks from CORE IMPACT.
Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708 
to learn more.
------------------------------------------------------------------------
Previous By Date Next
Previous By Thread Next

Current thread: