Top Layer unveils clustered IPS

By Ellen Messmer, Network World, 11/01/2004

Top Layer Networks this week is expected to unveil a clustered version of its intrusion-prevention system that can reach 8G bit/sec throughput while supporting inspection and traffic blocking through multiple routers.

The Attack Mitigator IPS 5500 ProtectionCluster combines two IPS 5500 appliances in a design that ensures that if one fails, the second will continue to operate at up to 4G bit/sec and inspect traffic at the packet level to block attempted break-ins and denial-of-service attacks. Top Layer says ProtectionCluster improves on previous fail-over mechanisms that the IPS uses by supporting the asymmetric routing architecture that large organizations favor.

Mike Paquette, vice president of technology at Top Layer, says large organizations sometimes balance traffic across two routers for better performance and reliability, but this can make it harder for an IPS to inspect traffic. "It can confuse the IPS," Paquette says, because session traffic is being shared between routers.

While there has been no independent lab testing of IPS products that explores the effect of asymmetric routing and high availability on IPS efficiency, equipment-evaluation firm NSS Group is expected to undertake such testing late next year.

One customer using the stand-alone version of Attack Mitigator IPS 5500 says he plans to upgrade to ProtectionCluster.

"I do have a single point of failure here so I plan to use this," says Dave Foss, manager of computer systems and networking at the Massachusetts Institute of Technology's research laboratory of electronics in Cambridge. The Attack Mitigator, which has been used at MIT for about a year, has been very reliable, he says.

MIT uses the Attack Mitigator 5500 as the firewall for four MIT departments, while the electronics lab is the only one that has elected to use Attack Mitigator's blocking capabilities. The result has been "the lab has the lowest number of attacks on campus for a large sub-net," Foss says.

While brief downtime on a university campus doesn't usually constitute a crisis, that is not necessarily the case in the corporate world, Foss notes. There, IPS backup and the ability to support asymmetric routing and fail-over in an IPS would have high importance, he says.

Although Attack Mitigator IPS 5500 ProtectionCluster can achieve up to 8G bit/sec throughput, it faces a far lower limit of 2G bit/sec when used to inspect traffic for content, such as filtering undesired types of file attachments.

The product costs between $50,000 and $160,000, depending on variations in speed and ports.
