re: Realsecure

From: dwhoward@cableaz.com
Date: 10/10/01 

Subject: re:  Realsecure
From: "dwhoward@cableaz.com" <dwhoward@cableaz.com>
Date: Wed, 10 Oct 2001 14:30:58 -0400
To: "micklee74@hotmail.com" <micklee74@hotmail.com>, "focus-ids@securityfocus.com" <focus-ids@securityfocus.com>
Message-ID: <RELAY2gJE4cjcZ4l6nv000022e3@relay2.softcomca.com>

First, my disclaimer. I'm no UNIX nor MS bigot. I'm going to go with what's best for my clients.

There are pluses and minuses for each oeprating system. UNIX: Can be argued that it takes better advantage of hardware resources and therefore performs better. However, you need an experienced, GOOD, sysadmin to ensure that your UNIX machine will be properly configured, installed, and can be troubleshot with a relatively high amount of experience. A GOOD sysadmin is hard to come by these days. Imho, there are just as many vulnerabilities with UNIX flavors as there are NT (remember, UNIX is over 25 years old). However, a good sysadmin knows many of these, and runs the most recent OS levels and patches.

NT: If properly configured, and by all mean s SECURED beyond the CD install and SP update, imho NT is "easier" to manage, for the average Network Admin. I honestly don't think you'll "notice" a HUGE disparity in using NT over UNIX, but that's an argument for a different day. The big problem with NT , well, the whole MS thing and the fact that everyone hates them, but truthfully they're exposed to more scrutiny because they have the server market, yet there is often a new vulnerability exposed on one of their products. SO, when something goes wrong with an MS product, it affects everyone. The fact is that many people use MS products, in particular NT, and in my experience, the ones that I've found having problems, also have poorly configured boxes. Assuming it's affordable, the last recommendation I would make (to lighten the load), if going with NT, dedicate the box to being JUST AN IDS. Don't have it be a multi platform box (domain controller (BAD), access control server, etc etc etc). Let it do the one thing that you need it to do. I would do that for ANY security device anyway...

So, from my long winded response, my answer would be: Go with what your company (or your client) can support...

DISCLAIMER: These are my opinions only. I usually stay out of this war. Please don't feel the need to "correct" my opinions of either UNIX or NT... :-)

At 02:27 AM 10/10/2001 +0000, yh lee wrote:
>hi
>
>is it better to run Realsecure Network sensor on Windows NT
>or SUn solaris in terms of performance ??
>
>what are the pros and cons of running on NT??
>
>thanks
>
>ekim
>
>_________________________________________________________________
>Get your FREE download of MSN Explorer at http://explorer.msn.com/intl.asp
>
>

--------------------------------------------------------------------
mail2web - Check your email from the web at
http://mail2web.com/ .