Re: Newbie IDS questions
From: ndesai01@tampabay.rr.comDate: 01/10/02
- Previous message: Mike Hrubes: "Newbie IDS questions"
- Maybe in reply to: Mike Hrubes: "Newbie IDS questions"
- Next in thread: Lee Brotherston: "RE: Newbie IDS questions"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: 10 Jan 2002 01:01:53 -0000 From: <ndesai01@tampabay.rr.com> To: focus-ids@securityfocus.com('binary' encoding is not supported, stored as-is)
In-Reply-To: <9DCB77D01366AA4497DAFA759E1EB580BFAC33@WW1WEX01>
There are two ways that you can go that I know of. If
you have a limited budget then I would use hogwash.
This is a modified version of snort that is an inline
NIDS. The great thing about hogwash is that it is a
layer two device. It uses the same rules that snort
uses but has an additional action, drop.
If you need a commercially supported product
BlackICE (now part of ISS) makes a product called
Guard. This is the same type of device but with a
price. The main difference in the technologies is that
snort/hogwash are pattern matching NIDS were
BlackICE products are protocol analysis products.
There is good and bad to be said about both. If you
want to know more about protocol analysis NIDS look
up Robert Graham. He worked for Network General
developing Sniffer and then for NetworkICE. He has
the protocol analysis stuff down.
Neil
- Previous message: Mike Hrubes: "Newbie IDS questions"
- Maybe in reply to: Mike Hrubes: "Newbie IDS questions"
- Next in thread: Lee Brotherston: "RE: Newbie IDS questions"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
