KVC@csvax.caltech.edu@engvax.UUCP (Kevin Carosso) (01/13/87)
> We're investigating various security packages for our VAX. Does anyone > have any experience with AUDIT and CONTRL software produced by Clyde > Digital Systems? We're considering these two packages to run under VMS > and would be interested in comments on it, good or bad, from other users. > In particular, we would like to know the effect these pacakages have on > response time and wether Clyde Digital's claim that they only require > 10K of disc for every 20 ports and 2% CPU overhead, is realistic. I'm also interested in the Clyde package. I received a 15 or so page write up from them on something called SenSurGATE/USERMON, which seems to work in conjunction with AUDIT to postprocess the audit files and look for high-risk users and events. Anyone out there have this stuff? I too, question the 2% CPU overhead. In talking to a sales-type from Clyde, he implied that if you run MONITOR while this thing's running, you'd only see about 2% of the CPU going to the USERMON process. Now, this may well be, but I'm not convinced the USERMON process is the major source of overhead. The kernel mode code that sits between the TT class and port drivers must account for something and that overhead will not be quite so obvious. It'll be some increase in time spent in kernel mode, but seems to me to be difficult to measure since it's overhead that starts out negligible (no users) and increases as system load increases. The best way to measure that is with some standard system with some number of simulated interactive users (perhaps terminal lines being driven by another system) and compare kernel mode times with auditing enabled and disabled. Has anyone, most notably Clyde themselves, tried something like this? /Kevin Carosso kvc%engvax.UUCP@usc-oberon.usc.edu Hughes Aircraft Co.