Open Source and information security mailing list archives
 
Date: Wed Sep 28 18:43:23 2005
From: Valdis.Kletnieks at vt.edu (Valdis.Kletnieks@...edu)
Subject: Suggestion for IDS 

On Wed, 28 Sep 2005 17:48:59 BST, "Paul S. Brown" said:

> I suspect the argument here has to be cost-for-cost - in the price range for a 
> decent beefy OpenBSD box you aren't going to be using FWSMs, and I can quite 
> believe that the PIXen in that price range don't perform - the PIX 501 is 
> specced at 60MB/s throughput and the cheapest retail price I can find for it 
> is $678 for the unlimited license version - for the same money you can get a 
> beefy PC which will push quite a bit more than 60MB/s

http://www.dealtime.com/xPO-Cisco_PIX_Firewall_501_PIX_501_BUN_K9
has at the moment 4 quotes from $449 all the way down to $382 including shipping.
That's the first non-CISCO, non-sponsored link I got googling for 'PIX-501'.

http://stores.tomshardware.com/search_getprod.php/masterid=515798//
has a 50 user bundle for $489.

http://stores.tomshardware.com/search_getprod.php/masterid=923020
has a 50->unlimited upgrade for $158.  Add to previous for $647.

A lot of sites don't need the "unlimited" license, because they don't have
over 50 IPs on the LAN.

And remember to calculate the TCO - you roll-your-own PC for under $400, you're
not going to be getting as much beefy, and I didn't see any discussion of what
a PIX admin will cost you versus the expense of finding an OpenBSD person -
especially down in the "We only have 10-25 people with PCs" arena where you'll
be lucky to have a budget for a McSE (you want fries with that?)

(In the interests of fairness, you don't need much beefy if you're Cisco -
the listed technical specs on the innards of the PIX-501:

Processor: 133-MHz AMD SC520 Processor
Random access memory: 16 MB of SDRAM
Flash memory: 8 MB
System bus: Single 32-bit, 33-MHz PCI

Comparing the rated 60Mbytes/sec with that system bus, and the fact that
traditional designs will require at least 2 PCI accesses per (one inbound
from ethernet to memory, and one outbound from memory to the ethernet), and
it becomes clear that there's some major black magic - 2 PCI cycles per only
leaves them 6MBytes/second of PCI bandwidth (and more importantly, also means
that you need to have enough smarts to keep the inbound pipe drained and the
outbound pipe full all the time....)