nanog mailing list archives

Re: Internet Edge and Defense in Depth
From: Jonathan Lassoff <jof () thejof com>
Date: Tue, 6 Dec 2011 13:44:05 -0800

I would argue that collapsing all of your policy evaluation and routing for
a size/zone/area/whatever into one box is actually somewhat detrimental to
stability (and consequently, security to a certain extent).

Cramming every little feature under the sun into one appliance makes for
great glossy brochures and PowerPoint decks, but I just don't think it's
practical.

Take a LAMP hosting operation for example. Which will scale the furthest to
handle the most amount of traffic and stateful sessions: iptables and snort
on each multi-core server, or one massive central box with some interface
hardware and Cavium Octeons?
If built properly, my money's on the distributed setup.

Cheers,
jof

