IDS: Re: Network World IPS Review Invitation - calling all IPS vendors!

From: Joel M Snyder <Joel.Snyder_at_Opus1.COM>
Date: Fri, 03 Feb 2006 11:02:02 -0700

I totally agree on the usability testing; that was our primary focus in
the last IPS test. In this test, we're going to push on performance
because it hasn't really been done before (at least not competently at
this speed), and that's a new and interesting angle. However, a lot of
what I'm contributing to this (David Newman is really the world's best
performance tester) is going to be in areas such as usability,
although it will be second-place to the performance focus.

In terms of spike versus sustained, that's a good point. Systems *do*
behave very differently when they see a massive spike compared to a
steady state. I suspect that we have enough on our plate right now that
adding that kind of testing would be infeasible, but it's an outstanding
idea.

Best,

jms

Andrew Plato wrote:
> Joel,
>
> Just a suggestion...
>
> In your next round of tests, how about creating a situation where the
> traffic is similar to a real network. IPS tests tend to throw a massive
> ton of traffic at boxes that is sustained for hours or days. That is not
> how most networks operate. Most networks are a mix of lots of different
> protocols and have spikes and valleys in usage. It's rare to see a
> network with fully saturated lines. How an IPS responds to a sudden
> spike in traffic is more insightful than how it holds up to a 12 hour
> barrage of traffic.
>
> I'd also like to see some usability testing. How do IPSs stack up in
> terms of their long-term usability? I think users want to know more than
> just raw performance specs. They want to know the realities of managing
> the equipment. Some equipment has great performance specs, but it causes
> brain cancer trying to use it every day.
>
> Just some suggestions.
>
>
> -----------------------------------------------
> Andrew Plato, CISSP, CISM
> President/Principal Consultant
> Anitian Enterprise Security
>
> -----------------------------------------------
>
>
>
>
> -----Original Message-----
> From: Joel M Snyder [mailto:Joel.Snyder_at_Opus1.COM]
> Sent: Thursday, February 02, 2006 12:54 PM
> To: focus-ids_at_securityfocus.com
> Subject: Network World IPS Review Invitation - calling all IPS vendors!
>
> If you make an IPS, please ask your PR person to read:
>
> http://www.networktest.com/ips06/ips06invite.html
>
> It is an invitation to Network World's IPS performance test.
>
> jms
> --
> Joel M Snyder, 1404 East Lind Road, Tucson, AZ, 85719
> Phone: +1 520 324 0494 (voice) +1 520 324 0495 (FAX)
> jms@Opus1.COM http://www.opus1.com/jms Opus One
>

-- 
Joel M Snyder, 1404 East Lind Road, Tucson, AZ, 85719
Phone: +1 520 324 0494 (voice)  +1 520 324 0495 (FAX)
jms@Opus1.COM    http://www.opus1.com/jms    Opus One
Received on Feb 07 2006