Performance metrics testing for any IPs product must take into account the impact of three factors: network performance, security accuracy, and security efficiency.
January 25, 2003 is not a special day, but the day should be remembered by those who design and manage enterprise-class networks.
This day, the Ms-sql Slammer virus in Greenwich Mean Time 5:30, making the Internet latency increased by 20% (almost usual 20 times times). By the weekend of that week, the Slammer virus had infected about 500,000 servers and had a devastating impact on the intranet, making many E-commerce transactions stalled and severely impacting global Internet services.
Within less than two months after this serious incident, the network builders were forced to face many malicious attacks similar to the Slammer virus. At present, the popular intrusion detection system can only be seen as the forefront of enterprise protection, although it can be alerted when the attack, but the enterprise network management personnel must also rely on manual operation access to various control lists, in order to control the spread of attacks and impact range. Now, the network builders ' long-awaited Intrusion Prevention system (Intrusion-prevention System,ips) has emerged. Such systems will mature quickly, identifying attackers ' signatures and being able to file them outside the door before attacking the corporate network. While there are some tools to measure IPs performance, none of the test software can truly depict the full performance blueprint of IPs. The author thinks that the performance index test of any IPs product must take into account the influence of three kinds of factors:
Network performance, security accuracy, and security efficiency.
Network performance metrics cannot be set up alone, it must contain multiple metrics. When considering IPs performance, it is necessary to consider the total number of passes, including the introduction of IPs and the response time of the system. We can also use the session setting rate of the IPs system as one of the metrics, which should be the same rate that the LAN switch establishes and ends the session. Finally, users who require IPs devices also clearly need an IPS system to demonstrate that it can process data in real time, providing the same performance as 2-tier or 3-tier switches.
In addition to network performance, there are security features to consider. We also need to detect the number of malicious attacks that IPs can filter. It is clear that the more attacks the system can shield, the better its performance; Of course, we have to consider the issue of security efficiency. In other words, IPs can not create false negative or false positive attack detection mechanism, resulting in the real attack through the legitimate content is blocked outside the door.
We need to focus on the performance of IPs, organize a number of vendors to explore the subject, and in future articles on the performance of IPs test results introduced.
The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion;
products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the
content of the page makes you feel confusing, please write us an email, we will handle the problem
within 5 days after receiving your email.
If you find any instances of plagiarism from the community, please send an email to:
info-contact@alibabacloud.com
and provide relevant evidence. A staff member will contact you within 5 working days.
