NEOHAPSIS - Peace of Mind Through Integrity and Insight

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com

Neohapsis > Archives > ISS> 2000-q4

Subject: Re: Several Realsecures on 1 Server / multi processor / GBit
From: Birk Richter (b.richtersecunet.de)
Date: Tue Nov 07 2000 - 03:56:21 CST

Next message: Erik Carus: "Pb with Server Sensor"
Previous message: Marc Class: "FW: Two IP addressess in the same NIC"
In reply to: Stefan Krebs: "Several Realsecures on 1 Server"
Reply: Birk Richter: "Re: Several Realsecures on 1 Server / multi processor / GBit"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

TO UNSUBSCRIBE: email "unsubscribe issforum" in the body of your message to
majordomoiss.net Contact issforum-owneriss.net for help with any problems!
----------------------------------------------------------------------------

Hello,

>I want to use only one server for several real secures. These RS should
>survey different networksegments.
>Does anybody know if its possible to solve that problem with using
>different network cards each for eery segment and every RS

On Solaris you could set up multiple RealSecure
on one (big) server by using chroot environmnets for
every RealSecure.

Some configurations would have to be done:

o Each RealSecure must has it's own complete package (/opt/ISS ...).
  Do one installation process and then copy the directory.
o Each RealSecure must work in it's own chroot environment.
  (pathes are hard linked in the binaries)
  Set up the needed chroot environment is a hard work !
o Each RealSecure must have it's own IP-address for the management
  network interface (virtual NIC's)
o Each RealSecure must have it's own connection ports.
  (error: port already in use)
  You must do the first connect to the RealSecures with the
  standard ports. Then you can set up the new own ports.

Multiple RealSecure on one server need a big server.

BTW 1: The RealSecure Engine works with multiple threads.
Can I use the RealSecure Engine for the actual packet analysis
in multiple threads, too? In other words, do I have an advantage using
multi processor servers (like Sun E 220 R) for packet analysis?

btw 2: Can I configure a GBit-NIC for the sniffing device ?
If the GBit-NIC supports DLPI, should it work ?!
Do you have any expieriences with GBit-NICs ?

Birk

---------------------
secunet
Security Networks AG Fon/Fax: (49) (03 51) 4 39 59-30/59
Ammonstrasse 72 Mobil: (01 71) 2 20 83 79
01067 Dresden E-Mail: b.richtersecunet.de
Germany URL: www.secunet.de

Next message: Erik Carus: "Pb with Server Sensor"
Previous message: Marc Class: "FW: Two IP addressess in the same NIC"
In reply to: Stefan Krebs: "Several Realsecures on 1 Server"
Reply: Birk Richter: "Re: Several Realsecures on 1 Server / multi processor / GBit"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]