Martin,
>I don't know so much details about how your products are builded and
>designed, but... Don't you think that using the same box as a
>Firewall/router/switch and as IDS could overload the device (the box)???
Does adding FW-1 to a Nokia box overload the box? That's another vendor's software
product on a Nokia blade. You rely on those vendors abilities to integrate and perform
joint testing.
Where ever possible at Cisco we use either a dedicated processor (sensor) or
co-processors (blade).
In this instance Cisco developed and tests the operating system, the platform and
feature (single vendor, minimizing risk). We do have a small background enabling new
software features in our IOS on our platforms without adversely effecting the
performance of the underlying platform (NAT, QOS, etc...). We open the architecture to
support standards (i.e. the MIB) and to create an environment where third parties can
create focused management and reporting capabilities.
>I see a bit dangerous relying in the same box to do both
>thing.
Is your concern complexity and testing? You need to rely on your vendor's track
record for that. Wouldn't it be interesting if more devices in your network had the
capability and you (or your agent) could turn the capability on and off as needed?
Regards,
Brian
At 11:35 PM 10/30/2000 -0600, Martin H Hoz-Salvador wrote:
>Brian Ford wrote:
> >
> >
> > The technically interesting part is the inclusion of IDS sensor technology in a
>Catalyst
> > blade, several IOS trains and soon PIX firewall builds. So now you can have a
>dedicated
> > sensor, sensor in a router, sensor in a switch, or sensor in a firewall. Gee
>whiz, you
> > can have a sensor just about anywhere you need it!
> >
>
>I don't know so much details about how your products are builded and
>designed, but... Don't you think that using the same box as a
>Firewall/router/switch and as IDS could overload the device (the box)???
<snip>
Brian Ford
[EMAIL PROTECTED]
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]