TO UNSUBSCRIBE: email "unsubscribe issforum" in the body of your message to
[EMAIL PROTECTED] Contact [EMAIL PROTECTED] for help with any problems!
----------------------------------------------------------------------------
Multi NIC engines have never been supported by us. We have some customers
using this configuration, but it is not supported.
Part of the issue is engine architecture. For example, RealSecure does not
currently allow you to specify processor affinity. This may not seem like a
requirement, but if you want to have some reasonable control over
performance it's a good idea. The other issue is just that the network
engine is the most resource intensive of all IDS detectors and we honestly
feel that doubling up on one system isn't the right way to go. You can agree
or disagree on that point, but that's how we feel about the issue at this
time. If you look at other IDS vendor web sites, you'll see that even those
who officially support this configuration STRONGLY recommend you not use it.
All that said, you are of course free to secure your environment in whatever
way you feel comfortable and supported or not, if it works for you...Great!
:)
-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
Sent: Friday, February 18, 2000 7:58 AM
To: Lunsford, Scott
Cc: '[EMAIL PROTECTED]'
Subject: Re: FW: Real Secure Engine with 3 NICs -reply
TO UNSUBSCRIBE: email "unsubscribe issforum" in the body of your message to
[EMAIL PROTECTED] Contact [EMAIL PROTECTED] for help with any
problems!
----------------------------------------------------------------------------
Is this option still available from ISS? I recently spoke with them to
provide configuration details, and they said that multi-NIC configs are no
longer available. Essentially, a seperte $8K engine is required for each
segment to be monitored.
I'd like to investigate a multi-NIC option if it is available. (NT or
Solaris)
"Lunsford, Scott" <[EMAIL PROTECTED]> on 16/02/2000 18:08:07
To: "'[EMAIL PROTECTED]'" <[EMAIL PROTECTED]>
cc: (bcc: Gavin Adams/CONSUL/ErnstYoung/BM)
Subject: FW: Real Secure Engine with 3 NICs -reply
TO UNSUBSCRIBE: email "unsubscribe issforum" in the body of your message to
[EMAIL PROTECTED] Contact [EMAIL PROTECTED] for help with any
problems!
---------------------------------------------------------------------------
-
Actually, this is an ideal IDS architecture. We use this configuration to
monitor our external ethernet segments (external being outside the
firewall). We have 2 nics in the RealSecure box. One nic is connected to
the external network strictly listening (stealth mode), the other nic is
connected to our internal network and is used to communicate with the
console. We find this to be ideal.
Scott Lunsford
> -----Original Message-----
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
> Sent: Thursday, February 17, 2000 7:34 AM
> To: Benjamin Mah
> Cc: [EMAIL PROTECTED]
> Subject: Re: Real Secure Engine with 3 NICs -reply
>
>
>
> TO UNSUBSCRIBE: email "unsubscribe issforum" in the body of
> your message to
> [EMAIL PROTECTED] Contact [EMAIL PROTECTED] for help
> with any problems!
> --------------------------------------------------------------
> --------------
>
> It works, but it is not an ideal IDS architecture. Is there
> a reason why
> you are setting up your IDS system this way??
>
> /m
>
>
>
>
> "Benjamin Mah" <[EMAIL PROTECTED]>
> Sent by: [EMAIL PROTECTED]
> 02/14/00 04:57 PM
>
>
> To: <[EMAIL PROTECTED]>
> cc:
> Subject: Real Secure Engine with 3 NICs
>
>
>
> I am trying to do an engine with 3 NICs which means there
> will be 2 NICs
> without any IPs and IP forwarding ... the last NIC would
> have an internal
> IP address which reports back to the internal Console... Has
> anyone tried
> this ? Does this work ? Are there any security complication
> if i really
> implement this ?
>
> Thanks
> BenJiZs
>
>
>
>
---------------------------------------------------------------------------
This message is intended only for the use of the individual or entity to
which it is addressed and may contain information which is privileged,
confidential or subject to copyright. Ernst & Young disclaim all
responsibility and accept no liability (including negligence) for the
consequences for any person acting, or refraining from acting, on such
information prior to the receipt by those persons of subsequent written
confirmation. Any unauthorised use, disclosure, distribution or copying of
this communication by anyone other than the intended recipient is strictly
prohibited. When addressed to our clients any opinions or advice contained
in this email are subject to the terms and conditions expressed in the
governing Ernst & Young client engagement contract.
If you have received this message in error, please notify us immediately
by telephone at +1-441-295-7000 and destroy and delete the message
from your computer.
