Home | hacker invade | crack analyzes | hacker course | Exploit | encryption decipher | network management | System crack | the virus to be related | invades the examination | firewall
You are here: hacking technology > invades the examination > Content
Hot Articles
Based on CallStack count
Security precious book m
Bypasses the web key wor
pcshare official net exa
pcshare official net exa
How to use double WAN ro
php.ini explains in deta
Only opens 80 port's saf
The invasion examination
To the Image File Execut
Making network security
The invasion examination
Serv-U bounce attack and
IDS invasion examination
Bypasses the CallStack f
Recommend Articles
Only opens 80 port's saf
Bypasses the web key wor
Bypasses the CallStack f
Security precious book m
Based on CallStack count
pcshare official net exa
SQL Server SA idle talk
Honey jar and honey net
The invasion examines th
Four next generation inv
An accidental invasion e
The invasion examines (I
How to use IDS to invade
The invasion examination
A winding safe examinati
New Articles
Uses Snort1.7
After the system suffers
The distributional invas
Surveys the LKM back doo
After one time by DNS at
Analyzes tool bag which
The part prevents the me
About Ramen package of f
Captures IDS using the U
Realizes simple NIDS wit
High-level WIN2K ROOTKIT
Realizes simple NIDS wit
Discusses the network at
Linux invasion observati
Linux invasion observati
Distinguishable invasion examination system performance method
  Add date: 10/09/2008   Publishing date: 10/09/2008   Hits: 2
Total 6 pages, Current page:1, Jump to page:
 
First, outline

  The performance index is each user purchase security product surely matter of concern. But, if did not know that these targets the real meaning, did not know how these targets did measure, will be hoodwinked by the superficial parameter, will thus make the wrong decision-making.

  This article introduced the network invasion examination system's performance index's meaning, the test method, and have analyzed the method which in the test procedure possibly counterfeits, gives the user the correct selective network invasion examination product to provide distinguishable the mentality.

  Second, performance index synopsis

  The different security product, each performance index to the customer significance is different. For example the firewall, the customer will pay attention to each second volume of goods handled, each second concurrent connection number, the transmission delay and so on. The network connections number but the network invasion examination system, the customer will pay attention to each second to be able to process the network data current capacity which, each second can monitor and so on.

  Speaking of the network invasion examination system, besides the above target, some also is very actually unimportant for the customer understanding's target, even is more important, for example each second stresses the event number which Bao Shu, each second can process and so on.

  1. each second data current capacity (Mbps or Gbps)

  Each second data current capacity is refers to the network each second to adopt some node the data quantity. This target is the reaction network invasion examination system performance important target, generally wells up Mbps to weigh. For example 10Mbps, 100Mbps and 1Gbps.

  The network invasion examination system's key job principle is smells searches (Sniffer), it through establishes the network card as the promiscuous pattern, causes the network card to be possible to receive on the network interface all data.

  If each second data current capacity surpasses the network sensor's handling ability, the NIDS possibly drop, thus cannot examine the attack normally. But NIDS whether can the drop, not mainly be decided by each second data current capacity, but is mainly decided in each second stresses a package of number.

  2. each second catches Bao Shu (pps)

  Each second catches Bao Shu is reflects the network invasion examination system performance the most important target. Because the system does not stop grasps the package from the network, to the data contract work analysis and processing, search invasion and misuses the pattern. Therefore, each second institute can process data packet's how many, has reflected system's performance. The field is not familiar invades the examination system often to take each second network current capacity the judgment network invasion examination system's decisive target, this idea is wrong. Each second network current capacity was equal to that each second stresses a package of number to be multiplied by a network data package of mean size. Because the network data package of mean size difference is very big time, in stresses in same Bao Lv the situation, each second network current capacity's difference can also be very big. For example, a network data package of mean size is about 1024 bytes, system's performance can support 10,000pps each second to stress a package of number, then system each second can process the data current capacity may achieve 78Mbps, when the data current capacity surpasses 78Mbps, because the system will not be able to process presents the drop phenomenon; If a network data package of mean size is about 512 bytes, in 10,000pps each second stresses in Bao Shu the performance situation, system each second can process the data current capacity may achieve 40Mbps, when the data current capacity surpasses 40Mbps, because the system will not be able to process presents the drop phenomenon.

 
Other pages: : 1 * 2 * 3 * 4 * 5 * 6 * Next>>
Prev:IDS (invasion examination system) terminology Next:Distinguishable invasion examination system performance method

Comment:

Category: Home > invades the examination
Home