* Network communication latency under the C/S architecture. A network communication module must be introduced on both the server side and the client side, which increases the delay in event transmission. Most network intrusion detection systems use a client/server architecture, for example ISS RealSecure, Symantec's IDS system, Venustech's Tiantian, Jinnuo's KIDS, and so on. Some network intrusion detection systems based on a browser/server (B/S) architecture are unlikely to have this problem, for example Founder Technology Software's Fangtong Sniper, because its events are accessed directly on the network sensor;
* Event log database recording capability. Some systems separate the event collector (EC) from the event log database, so the event collector and the event log database form a C/S structure of their own, which also introduces latency. If the EC and the log database are on different hosts, network transmission delay is introduced as well. ISS RealSecure, Venustech's Tiantian, Jinnuo's KIDS, and others also use this structure; network intrusion detection systems based on the browser/server architecture do not have this problem either;
* Console event display efficiency. Many consoles hang because they have too many events to process. Many C/S-architecture consoles take on too many functions, for example communication with the sensors, with the event collector, and with the event log database, while also having to handle event display, event analysis, system management and configuration, and so on. This introduces many performance bottlenecks. If real-time monitoring cannot be achieved, the value of the network intrusion detection system is greatly diminished.
2. Hardware factors
On the hardware side, the main factors are CPU processing power, memory, the network card, hard disk I/O, and so on.
* CPU processing power
CPU processing power is an important factor in the performance of a network intrusion detection system's network sensor. It influences the system in three respects. The first two are the CPU clock frequency and the number of CPUs, referred to respectively as the CPU's vertical and horizontal scalability. As the CPU clock frequency rises, the network sensor's processing capacity generally rises with it; this is obvious.
But does the network sensor's performance increase linearly with the number of CPUs? That depends on whether the system has a multi-process or multi-threaded architecture. Many network intrusion detection systems are being optimized for multiple processors.
How well the CPU's processing power is utilized also greatly affects the network sensor's performance, so how can that utilization be improved? One very important method is to optimize the network sensor for the CPU's instruction set. For example, on a P4 processor, use the P4 instruction set as far as possible. Intel provides a C/C++ compiler with optimization features targeted at the instruction set, and Intel's labs also offer optimization services in this area.
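To make the multi-CPU question above concrete, the following added example (not code from the original article or from any product it names) shows one common way a multi-process or multi-threaded sensor divides traffic: a direction-independent flow hash, so both halves of a connection reach the same worker, plus a measure of how evenly the load spreads. The names `struct flow`, `mix32`, `worker_for` and `busiest_worker_load` are hypothetical, and the addresses are constructed sample data.

```c
#include <stdint.h>
#include <stdio.h>

/* Hypothetical flow key for this added example: IPv4 endpoints of a packet. */
struct flow { uint32_t src_ip, dst_ip; uint16_t src_port, dst_port; };

/* 32-bit integer mixer (constants of the MurmurHash3 finalizer). */
static uint32_t mix32(uint32_t h) {
    h ^= h >> 16; h *= 0x85ebca6bu;
    h ^= h >> 13; h *= 0xc2b2ae35u;
    h ^= h >> 16;
    return h;
}

/* Choose the worker for a packet. The two endpoints are ordered before
   hashing, so request and reply packets map to the same worker. */
unsigned worker_for(const struct flow *f, unsigned n_workers) {
    uint64_t a = ((uint64_t)f->src_ip << 16) | f->src_port;
    uint64_t b = ((uint64_t)f->dst_ip << 16) | f->dst_port;
    uint64_t lo = a < b ? a : b, hi = a < b ? b : a;
    uint32_t h = mix32((uint32_t)lo ^ (uint32_t)(lo >> 32));
    h = mix32(h ^ (uint32_t)hi ^ (uint32_t)(hi >> 32));
    return h % n_workers;
}

/* Spread n_flows constructed client flows over n_workers (1..64) and return
   the busiest worker's flow count; the ideal is n_flows / n_workers. */
unsigned busiest_worker_load(unsigned n_flows, unsigned n_workers) {
    unsigned counts[64] = {0}, max = 0;
    if (n_workers == 0 || n_workers > 64) return 0;
    for (unsigned i = 0; i < n_flows; i++) {
        /* Constructed sample: clients 10.0.0.0+i talking to 192.168.0.1:80 */
        struct flow f = { 0x0a000000u + i, 0xc0a80001u,
                          (uint16_t)(1024 + i % 60000), 80 };
        unsigned w = worker_for(&f, n_workers);
        if (++counts[w] > max) max = counts[w];
    }
    return max;
}

int main(void) {
    for (unsigned n = 1; n <= 8; n *= 2)
        printf("%u workers: busiest handles %u flows, ideal %u\n",
               n, busiest_worker_load(10000, n), 10000 / n);
    return 0;
}
```

The busiest worker sets the sensor's throughput ceiling, so the closer its load is to the ideal share, the closer the sensor comes to scaling linearly with CPU count.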