OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
NFR Wizards Archive: Re: Important Comments re: INtrusion Detec

Re: Important Comments re: INtrusion Detection

Darren Reed (darrenrcyber.com.au)
Tue, 17 Feb 1998 15:40:40 +1100 (EST)

In some mail I received from Aleph One, sie wrote
[...]
> I will point to Moore's Law and to the "If you build it, they will come"
> philosophy.

I might use that as a counter argument and point out that it's ACL's and
other enchancements in routers/switches, which degrade performance, are
hence are less likely to attract.

> It may be true that such system may overload much of todays
> hardware but this will probably not be the case two, three or five years
> into the future.

I'm not so sure. Today, we are starting to see high-end firewalls
(your UltraSparcII 300mhz variety) perform reasonably well at T3
speeds. Nobody yet will certify their firewalls at 100BaseT. What
you appear to need is "tomorrow's" computer technology to deal with
"today's" networking requirements - for a firewall type application.

> The other argument is that there is hardware right now
> that can handle the load, it just happens to be very expensive. No one
> said this would be a cheap product. It may be that only organizations with
> a need for the highest security will be able to afford such a device.

What about the cost of building prototype(s) ? If very few can afford them
and they cost big bucks, then why wouldn't they go the same way as super-
computers seem to have ?

Darren

p.s. I wonder how long it would take the US government before it decided
they should be export controlled ? :-)

This archive was generated by hypermail 2.0b3 on Sat Jul 17 1999 - 07:10:33 CDT