From: Reeves, Michael (GEAE, Compaq) (michael.reevesae.ge.com)
Date: Thu Oct 18 2001 - 11:54:39 CDT

    Eric,

            I agree with you on most things but I want gigabit capabilities.
    Creating a quality sensor able to handle gig traffic benefits everyone. Then
    when you put it on a slower connection it should be able to handle that with
    no problems.

    Mike

    -----Original Message-----
    From: Eric Hacker [mailto:hackervudu.net]
    Sent: Thursday, October 18, 2001 1:39 AM
    To: focus-idssecurityfocus.com
    Subject: Performance Testing was RE: Realsecure

    I think that real world testing will provide some useful information, but it
    is only applicable if the same real world environment is used for testing at
    the same time (as Greg's report did). Even then, it won't necessarily
    translate to one's own real world environment.

    In some respect we've got a sports car that will do 0-60 in under 6 seconds
    and tops out at 150. Only I'm trying to drive it on Rte. 128 around Boston
    at 8 AM. Or maybe I'm trying to drive it in a rain storm or blizzard. OK, so
    where you live it's always a blizzard and there's lots of traffic in your
    way, adjust your expectations accordingly. You won't be doing 150.

    The most important factors in testing are that it is completely open,
    procedurally well documented and hopefully repeatable. The more tests that
    are done and shared, the better. The problem is the fine print or even
    claims with no support. These are a disservice.

    Many folks aren't trying to do gigabit IDS but have other issues. How does
    RealSecure compare on a Nokia 650 and a Sun Netra T1? (Hopefully some simple
    results coming soon.) What about a Windows box with X specs?

    What if I want to try running IDS, Firewall and VPN at a small site with
    only a T1, but I want it integrated with the solutions I use for the bigger
    sites? Is there anything that can handle that load?

    Testing performance is also different from testing attack identification
    capability. If the IDS can't detect the attack with no background noise,
    then performance isn't the issue. I'd really like to see (and do) some
    detailed false negative testing for IDS as well.

    Oh the things we can think!

    Peace,
    Eric Hacker, CISSP, GCIA, MCSE, CCSE
    Network Security Consultant
    Email: hackervudu.net
    PGP key:
    http://keyserver.pgp.com/pks/lookup?op=get&search=hackervudu.net
    PGP Fingerprint: FADB 793E E98A 97BB 04D6 5973 7864 93A1 222B E0C7

    "Long gone are the days when one's surname referred to the role
    one had in the community."