Re: IDS recommendations

From: Talisker (talisker@networkintrusion.co.uk)
Date: 12/08/01


From: "Talisker" <talisker@networkintrusion.co.uk>
To: "Jeff Nathan" <jeff@wwti.com>, <Nate.Duzenberry@mortgage.wellsFargo.COM>
Date: Sat, 8 Dec 2001 20:12:21 -0000


> There is the assumption that the quality assurance process software
> undergoes before it's released somehow insures there aren't
> vulnerabilities and insures proper functionality. If that were the
> case, then commercial software wouldn't ever show up on Bugtraq and
> bugfixes wouldn't exist. We all know, however, this isn't the case.

I'd have to agree with Jeff wholeheartedly; if support in some shape or form
is deemed essential, then buy a commercial IDS that will form the nucleus of
your IDS solution, thereby satisfying local policy (kinda). Surely, there's
no harm in complementing this with a tool such as Snort; in fact I'd go as
far as recommending a 2nd IDS.

With regard to support for Snort, whilst unofficial, the Snort mailing list
is superior by far to the lackadaisical (crappy) approach provided by the
support cells of many of the premier commercial vendors. I've had all sorts,
from "your query wasn't logged" to "the guy who deals with signatures is
off with a cold this week".

As to product stability, Snort's MTBF is better than many of the commercial
tools. To remedy problems, Marty turns the updates round pretty quickly.

-andy
http://www.networkintrusion.co.uk

>
> -Jeff
>
> --
> http://jeff.wwti.com (pgp key available)
> "Common sense is the collection of prejudices acquired by age eighteen."
> - Albert Einstein
>


