BlackICE is also strictly host-based, so that is not quite apples to
apples. A network IDS is something you can deploy as single probes on
your key segments that monitors all traffic. Granted, in today's high-speed
switched environments we have to come up with a work-around, but deploying
3rd-party software to several thousand hosts is just not fun.
Carric Dooley
COM2:Interactive Media
http://www.com2usa.com
On Tue, 6 Jul 1999, Robert Graham wrote:
> I hate to do this, but....
>
> BlackICE can handle fully loaded 100-mbps without too much trouble. You can get
> an eval if you send a request to "[EMAIL PROTECTED]" and give a fax number
> for the eval agreement.
>
> It also currently detects more signatures than RealSecure, NetRanger, or NFR
> variants. The current list can be found at:
> http://netice.com/advice/intrusions
>
> I can attest to the high analysis rate because I run it on a personal workstation
> at 148,800 frames/second of TCP/IP traffic. I have to tweak it massively
> (choose just the right card, tweak buffers and processor affinity, etc.) to get
> those numbers, but I think it will work fine in an average environment with
> 50,000 180-byte packets/second.
>
> The downside is that it currently runs only on WinNT (though a non-promiscuous,
> "personal" version runs on Win95/Win98). Also, to reach those traffic rates,
> you need a dual-CPU machine and a high-end NIC.
>
> Rob.
>
> --- SiOL CERT <[EMAIL PROTECTED]> wrote:
> > Hi.
> >
> > I have two intrusion detection systems on a trial run, but have to choose the
> > big winner. Both of them have been recommended as the cream of the crop and
> > 'best money can buy', but from the wrong persons.
> >
> > One of them is Cisco's Net Ranger Director, which uses HP OpenView as a GUI
> > (not preferred) and the other one is ISS' Real Secure, which is a bit of a pain
> > because I'd need to set a machine on each segment of the network I want to
> > monitor.
> >
> > The third IDS is my personal favorite, NFR's Network Flight Recorder (ever
> > since I read the white paper), but I need more information about all of the
> > mentioned IDS systems (especially cons, pros are more or less known).
> >
> > The network in question is an ISP's public part of the system, which means I
> > need some detection system that can swallow more than 70Mbit traffic on the
> > fly.
> >
> > Thanks in advance,
> >
> > Saso