
My internet is throttled down through Sophos

I have Time Warner 25/3. When I go to an internet speed test I can pull at the max 18.3/3.4, 44ms. When I bypass the Sophos I can pull 26.2/3.4, 19ms. I called Time Warner and they said it was on our side that is causing the issues, most likely the Sophos. I went into Interfaces and QoS and I have nothing checked or applied. I have the Sophos, a 48-port 1GB HP ProCurve, then endpoint devices. Can you guys help me out with this?



  • Machine: Lenovo IdeaPad, i5 3230M CPU 2.6GHz, 6GB RAM

    Windows 10 64x touch

    My results with IPS on: 43ms, 17.32 down, 3.3 up

    With IPS off: 44ms, 24.24 down, 3.32 up

    When I bypass the Sophos altogether: 19ms, 26.3 down and 3.3 up

    Do I really need the IPS? What are the pros and cons?

  • IPS is Snort and is one of the forerunners in protecting your internal network against attacks that could not be caught by a standard firewall. It's an extra layer of protection on top of your firewall and inspects every packet flowing through the links to see if the packet flow harbours any attacks that match against its pattern database.

    The issue with Snort is it's very processor intensive and analyses every single packet, so it can cause network slowdown. The only way to combat this without physically turning IPS off is reducing the active ruleset by turning off rules that don't apply to your business; for example, if you don't have an SQL server, why does IPS need to do SQL server attack detection? You can reduce the rule age limit to 6 months, which decreases the ruleset as well.

    I only ever advise reducing the age limit if you and your infrastructure are constantly on top of security patching, as a lot of attacks that were "immunised" years ago are resurfacing and attacking machines that are not properly patched or have missed security patches.

    To put the value of IPS in perspective, a customer was being penetration tested over a week and without IPS they found access points and failed. They then turned on IPS and the penetration testers could not gain any foothold on anything behind the UTM, to which they asked if it could be turned off. I think you can guess the two-word answer in response after finding that out!
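
The tuning described in the reply above (turn off rule categories for services you don't run, then apply a rule age limit), sketched over plain Snort-syntax rules as an added example that is not part of the thread and not the UTM's own mechanism. The sample rules, the category-prefix and `created_at` conventions, and the `prune` function are assumptions; rules dropped for age are returned separately so they can be checked against patch status before the limit is applied.

```python
import re
from datetime import date

# Constructed sample rules in Snort syntax (not from any real ruleset).
# Assumption: category is the first token of msg, rule date is in
# "metadata:created_at YYYY_MM_DD".
SAMPLE_RULES = """\
alert tcp $EXTERNAL_NET any -> $SQL_SERVERS 1433 (msg:"SERVER-MSSQL constructed example A"; classtype:attempted-admin; sid:1000001; rev:1; metadata:created_at 2010_01_15;)
alert tcp $EXTERNAL_NET any -> $HOME_NET 445 (msg:"OS-WINDOWS constructed example B"; classtype:attempted-admin; sid:1000002; rev:1; metadata:created_at 2012_03_01;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"SERVER-WEBAPP constructed example C"; classtype:web-application-attack; sid:1000003; rev:1; metadata:created_at 2016_03_01;)
alert tcp $EXTERNAL_NET any -> $HOME_NET 445 (msg:"OS-WINDOWS constructed example D"; classtype:attempted-admin; sid:1000004; rev:1;)
"""

RULE_RE = re.compile(r'msg:"(?P<cat>[A-Z0-9-]+) [^"]*";.*?sid:(?P<sid>\d+);')
DATE_RE = re.compile(r'created_at (\d{4})_(\d{2})_(\d{2})')


def prune(rules_text, unused_categories, max_age_days, today):
    """Split rule SIDs into (kept, dropped_unused, dropped_old).

    unused_categories: categories for services not present on the network.
    max_age_days: rule age limit; undated rules are kept, not dropped.
    """
    kept, dropped_unused, dropped_old = [], [], []
    for line in rules_text.splitlines():
        m = RULE_RE.search(line)
        if not m:
            continue  # comment, blank line, or rule without msg/sid
        sid = int(m["sid"])
        if m["cat"] in unused_categories:
            dropped_unused.append(sid)
            continue
        d = DATE_RE.search(line)
        if d and (today - date(*map(int, d.groups()))).days > max_age_days:
            dropped_old.append(sid)  # review patch status before dropping
            continue
        kept.append(sid)
    return kept, dropped_unused, dropped_old


if __name__ == "__main__":
    # No SQL server on this network; age limit of roughly 6 months.
    kept, unused, old = prune(SAMPLE_RULES, {"SERVER-MSSQL"}, 183,
                              date(2016, 6, 1))
    print("kept:", kept)
    print("dropped (service not present):", unused)
    print("dropped (older than limit, verify patching first):", old)
```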