It's a Bivio box - it can certainly do 10GB and I have personally tested
it with Snort. My test wasn't Sourcefire, but the capability certainly
exists.
Andy
On 7/21/2010 2:21 PM, Curt Purdy wrote:
FYI, Roesch is claiming not 10Gbs but 10GBs! and apparently that's not
the Sourcefire appliance but Snort, at least according to this
article:
http://www.networkworld.com/news/2010/072010-is-snort-dead.html?page=2
Curt Purdy CISSP, GSNA, GSEC, MCSE+I, CCNA
[email protected]
[email protected]
On Thu, Jul 15, 2010 at 3:16 AM, Dave Venman<[email protected]> wrote:
<disclaimer> I work for Sourcefire</disclaimer> but I'll try to keep
this vendor-neutral
There are lots of boxes now which can, or claim they can, perform
10Gbps or more inspection.
Some of that is marketing fluff, some of it is the real McCoy.
If you have a need for 10Gbps inspection or higher then you really
need to do your homework because the boxes you pay for go for lots of
money. If you spend all that money on a solution which doesn't do IPS
properly or only do IPS properly well below the expected / rated /
claimed throughput - and I accept there are various approaches which
do work, and there are those which don't - then you're stuck with it
for the foreseeable future.
You need to do your homework seriously - check reviews, NSS reports,
anything you can lay your hands on. Then, get your hands on a unit to
evaluate them. And when you test these devices, make sure you put
them in a production environment (passively - I'm not that stupid) to
get them to inspect YOUR traffic. Don't rely on sending a PCAP to
someone and getting results, because you don't know how they've tested
your traffic, or if indeed they have tested it at all, just run basic
traffic distribution analysis on it and chucked the resulting figures
into a program to see the theoretical throughput.
And don't just test for raw IPS throughput - although it's important -
make sure the stuff you throw at it is caught - make sure it's proper
attempts to exploit vulnerabilities not just Nessus / NMAP scans, make
sure your testing rig replays traffic properly and doesn't provide an
approximation of TCP traffic, and lots of other things which need to
be done properly to test the solution effectively.
Raw throughput is only one element. If you don't get proper
inspection, then the things are essentially expensive doorstops.
On 14 July 2010 16:50, pacific.croc<[email protected]> wrote:
Juniper also has the newly launched SRX series of appliances which if I am
not wrong can deliver up to 30 Gbps
On 7/14/2010 5:02 AM, Jeffrey Chen wrote:
I think they've been here for a while now:
Palo Alto Networks PA-4000 IPS/Firewall - 10GB
Top Layer IPS 5500-1000 - 4GB individually, up to 32GB in clustering
mode.
Juniper IDP-8200 - 10GB
Just off top of my head. I think there are few others out there as
well.
--
Dave Venman
-----------------------------------------------------------------
Securing Your Online Data Transfer with SSL.
A guide to understanding SSL certificates, how they operate and their
application. By making use of an SSL certificate on your web server, you can
securely collect sensitive information online, and increase business by giving
your customers confidence that their transactions are safe.
http://www.dinclinx.com/Redirect.aspx?36;5001;25;1371;0;1;946;9a80e04e1a17f194
-----------------------------------------------------------------
Securing Your Online Data Transfer with SSL.
A guide to understanding SSL certificates, how they operate and their
application. By making use of an SSL certificate on your web server, you can
securely collect sensitive information online, and increase business by giving
your customers confidence that their transactions are safe.
http://www.dinclinx.com/Redirect.aspx?36;5001;25;1371;0;1;946;9a80e04e1a17f194
-----------------------------------------------------------------
Securing Your Online Data Transfer with SSL.
A guide to understanding SSL certificates, how they operate and their
application. By making use of an SSL certificate on your web server, you can
securely collect sensitive information online, and increase business by giving
your customers confidence that their transactions are safe.
http://www.dinclinx.com/Redirect.aspx?36;5001;25;1371;0;1;946;9a80e04e1a17f194
