Great Circle Associates Firewalls
(April 1998)
 

Indexed By Date: [Previous] [Next] Indexed By Thread: [Previous] [Next]

Subject: Re: FW: Virus checking at the firewall level.
From: Steve Kruse <jsk347 @ sprynet . com>
Date: Tue, 07 Apr 1998 19:04:02 -0400
To: Paul Boyer <paulboyer @ usa . net>, "'firewalls @ GreatCircle . com'" <firewalls @ GreatCircle . COM>
In-reply-to: <01BD5E83 . 40DBDF40 . paulboyer @ usa . net>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

All:

It seems to me that we are missing an important thread here...it is
NOT what CVP does to performance that is the real issue.  I think we
all know that for every level of security we add (be it electronic or
human) there is a performance hit.  The QUESTION is what price are we
willing to PAY to achieve (this particular) level of security???  If I
am willing to have minimalist security, I can go with a router with a
few filters and get X performance.  If I add an Application Gateway
Firewall like SecurIT (my brand...substitute yours here ;-) then I
have a lot of additional protection but I perhaps have X-1
performance.  If I want to add URL blocking, then I might have X-2
performance...etc.  Each security admin or manager must make the
decision as to what price will I pay for what level of performance. 
That, IMHO, is the real issue to deal with.  Once you make that
decision, then you can deal with whether brand X CVP is faster or
slower than Brand Y.

Steve Kruse

At 10:04 PM 4/2/98 +0200, Paul Boyer wrote:
>Yes, performance is a big issue :(
>
>I was told trend micro's one at http://www.trendmicro.com is not
using CVP for performance reasons.
>
>Has someone experince with it ?
>
>Paul
>
>-----Original Message-----
>From:	Doug Drake <ddrake @
 mci .
 net> 
>Sent:	Wednesday, April 01, 1998 8:59 AM
>To:	Gordon LaSane <glasane @
 gdsconnect .
 com>; Bruno
<soucpower @
 geocities .
 com>; firewalls mailing list
<firewalls @
 GreatCircle .
 COM>
>Subject:	RE: Virus checking at the firewall level.
>
>Conceptually CVP is a wonderful thing but can you give me any numbers
on
>the latency that this process causes on your network? I have not seen
>anything that will show me benchmarks for CVP bsed virus scanning,
>especially with a firewall and even more with encryption.  If I could
get
>some good numbers I might be infavor of it.  But until then,  I like
>speed on my network and virus scaning on the desk top  :).
>
>
>
>
>At 04:04 PM 3/31/98 -0500, Gordon LaSane wrote: 
>[Paul BOYER]  -snip- 
>
-----BEGIN PGP SIGNATURE-----
Version: PGP for Personal Privacy 5.5.3

iQA/AwUBNSqw4eZ40Wmdt8j7EQLunQCgznK1cYgTKUwsL6s7nEIL6y3pXXgAoNoJ
kkWOhx23Q+b3FnwEH+vMhsXj
=2QkH
-----END PGP SIGNATURE-----

***************************************************************************
* Steve Kruse                                skruse @
 milkyway .
 com          *
* Milkyway Networks                          jsk347 @
 sprynet .
 com           *
* Southern Region Sales Mgr.                 PGP Key on most Keyservers   *
* http://www.milkyway.com                    KEY ID: 0x9DB7C8FB           *
* Support your right to privacy.             Encrypt whenever possible!   *
*This sig made from 100% recycled hacking bits stopped by SecurIT Firewall*
       
***************************************************************************


References:
Indexed By Date Previous: Re: [FW1] DMZ config question
From: Carlos Roque <croque @ isla . net>
Next: RE: Questions about ICMP
From: rdew @ el . nec . com (Bob De Witt)
Indexed By Thread Previous: FW: Virus checking at the firewall level.
From: Paul Boyer <paulboyer @ usa . net>
Next: RE: Raptor Performance
From: "Dale Lancaster" <dlancaster @ raptor . com>

Google
 
Search Internet Search www.greatcircle.com