RE: IDS Players?

From: Gary Halleen (ghalleen@cisco.com)
Date: 06/18/02


From: "Gary Halleen" <ghalleen@cisco.com>
To: "Marnix Petrarca" <Marnix@DaemonLabs.com>, "Nicholas Bachmann" <nbachmann@mail.davison.k12.mi.us>
Date: Tue, 18 Jun 2002 07:32:34 -0700

It was actually August 20, 2001.

Gary

-----Original Message-----
From: Marnix Petrarca [mailto:Marnix@DaemonLabs.com]
Sent: Tuesday, June 18, 2002 4:01 AM
To: Nicholas Bachmann; Gary Halleen
Cc: Bill Mote; focus-ids@securityfocus.com
Subject: Re: IDS Players?


Hmm, perhaps you should have said: "According to Network Computing magazine
in *1999*..." (If I am in error here, please correct me!)

Anyway, here's a more recent review, which has another opinion on which is
best... in regard to evasion techniques!

http://www.nwfusion.com/news/2002/0415idsevad.html

A comment on Signature vs. Protocol vs. Anomaly IDS environments:

http://www.scmagazine.com/scmagazine/sc-online/2002/article/23/article.html

And the latest test from NSS (Dec. 2001)

http://www.nss.co.uk/download.htm

http://www.nss.co.uk/ids/ids_edition_2.htm (HTML)

http://www.nss.co.uk/ids/IDS%20Group%20Test%20Report%20Edition%202.pdf
(.PDF)

A general index to SC Magazine tests (check it out!)

http://www.scmagazine.com/scmagazine/sc-online/archives/index.html

http://www.scmagazine.com/scmagazine/sc-online/archives/i_intrusion.html

http://www.westcoast.com/events/awards/ shows a different winner all around
(NFR Security SC Magazine Award)

- If anyone knows of more recent reviews, please let me know - always
interested!

Marnix

DaemonLabs Network Security

P.O. Box 188
1600 AD Enkhuizen
The Netherlands.
Chamber of Commerce 370.961.29

Phone: +31-228-325-005
Fax: +31-228-325-009
Mobile: +31-6-11-250-524

http://www.DaemonLabs.com

----- Original Message -----
From: "Nicholas Bachmann" <nbachmann@mail.davison.k12.mi.us>
To: "Gary Halleen" <ghalleen@cisco.com>
Cc: "Bill Mote" <bill.mote@mem.com>; <focus-ids@securityfocus.com>
Sent: Tuesday, June 18, 2002 1:38 AM
Subject: Re: IDS Players?

> Gary Halleen wrote:
>
> >According to Network Computing magazine, the top three are:
> >
> My opinions in short:
>
> >Enterasys Dragon
> >
> If you can afford it, excellent. I previewed it, and was impressed.
> The Dragon mailing list is informative and excellent; the programmers
> and QA folks from Enterasys (even their top IDS guy) join in frequently
> and some smart people from big name places (I guess I'm jealous, all my
> employer makes is futures :-) give good advice and ask intelligent
> questions.
>
> >Cisco IDS
> >
> If you have Cisco infrastructure, excellent. If not, this probably
> isn't as valuable for you as ^ or \/. I haven't had much experience
> with Cisco, so maybe I've just been eating paste again.
>
> >Snort
> >
> If you want to customize your IDS, or you don't fit into the above
> two categories (i.e. short on cash and without a Cisco(1) network),
> excellent. I'm setting up a system using Snort, and have been very
> happy with it. Snort, like Dragon, has the advantage of easy access to
> the authors and testers. :-) The database plugins + PostgreSQL + ACID
> make a decent setup for network-wide monitoring.
>
> (1) Which probably has to do with the short on cash part. :-)
>
> >-----Original Message-----
> >From: Bill Mote [mailto:bill.mote@mem.com]
> >
> [...]
>
> >I've read about signature based IDS and host based IDS. I've even read some
> >material about the hybrid systems which incorporate features from signature
> >and host based IDSs. In your opinion, which one is better? Why?
> >
> >
> Well, if you want close monitoring of a single machine, HIDS is better.
> If you want to protect a whole network, NIDS is better. If you want to
> protect both, a hybrid setup is better. Systems like Dragon and
> ACID+logsnorter get bonus points because you can bring HIDS, NIDS, and
> firewall monitoring into one spot.
>
> --
>
> Regards,
> Nick
>
> Nicholas Bachmann, SSCP
> Unix Administrator
> Davison Community Schools
>

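Nick's closing point, that a hybrid setup earns "bonus points" when HIDS, NIDS and firewall monitoring are brought into one spot, is the idea behind consoles such as ACID. As an added illustration that is not part of this thread and is not code from Snort, ACID, logsnorter or Dragon, the Python script below parses constructed sample lines from the three kinds of source into one common event shape, builds a per-host timeline, and flags hosts that two or more independent sources report. The line layouts (a Snort-style "fast" alert, syslog-style HIDS and firewall messages), the addresses and the message texts are all constructed assumptions, not real captures.

```python
import re
from collections import defaultdict
from dataclasses import dataclass


@dataclass
class Event:
    source: str   # "nids", "hids" or "firewall"
    time: str     # timestamp as logged; the formats differ per source
    host: str     # address of the monitored or targeted host
    detail: str   # one-line summary of what the source reported


# Constructed sample lines, not real captures. The NIDS lines imitate the layout
# of Snort's "fast" alert output; the HIDS and firewall lines are generic
# syslog-style text of the kind a host agent or packet filter might emit.
NIDS_LINES = [
    "06/18-07:32:34.000001  [**] [1:1000001:1] WEB-MISC suspicious request [**] "
    "[Priority: 1] {TCP} 10.0.0.5:4321 -> 192.168.1.10:80",
    "06/18-07:40:10.000002  [**] [1:1000002:1] ICMP PING NMAP [**] "
    "[Priority: 3] {ICMP} 10.0.0.9 -> 192.168.1.20",
]
HIDS_LINES = [
    "Jun 18 07:32:40 192.168.1.10 hids: file integrity change under web root",
    "Jun 18 07:50:02 192.168.1.30 hids: 5 failed logins for user admin",
]
FW_LINES = [
    "Jun 18 07:32:33 fw kernel: ACCEPT IN=eth0 SRC=10.0.0.5 DST=192.168.1.10 PROTO=TCP DPT=80",
    "Jun 18 07:40:09 fw kernel: DROP IN=eth0 SRC=10.0.0.9 DST=192.168.1.20 PROTO=ICMP",
]

NIDS_RE = re.compile(r"^(\S+)\s+\[\*\*\] \[[\d:]+\] (.+?) \[\*\*\].*\{(\w+)\} (\S+) -> (\S+)$")
HIDS_RE = re.compile(r"^(\w{3} +\d+ \d\d:\d\d:\d\d) (\S+) hids: (.*)$")
FW_RE = re.compile(r"^(\w{3} +\d+ \d\d:\d\d:\d\d) \S+ kernel: (ACCEPT|DROP) .*?SRC=(\S+) DST=(\S+) PROTO=(\S+)")
CLOCK_RE = re.compile(r"(\d\d:\d\d:\d\d)")


def strip_port(addr: str) -> str:
    """Drop a trailing ':port' from an IPv4 'ip:port'; ICMP alerts carry no port."""
    return addr.rsplit(":", 1)[0] if ":" in addr else addr


def parse_nids(line: str):
    """Snort-style fast alert -> Event keyed on the destination host, or None."""
    m = NIDS_RE.match(line)
    if not m:
        return None
    time, signature, proto, src, dst = m.groups()
    return Event("nids", time, strip_port(dst), f"{signature} from {strip_port(src)} ({proto})")


def parse_hids(line: str):
    """Host-agent syslog line -> Event keyed on the reporting host, or None."""
    m = HIDS_RE.match(line)
    if not m:
        return None
    time, host, message = m.groups()
    return Event("hids", time, host, message)


def parse_firewall(line: str):
    """Packet-filter log line -> Event keyed on the destination host, or None."""
    m = FW_RE.match(line)
    if not m:
        return None
    time, action, src, dst, proto = m.groups()
    return Event("firewall", time, dst, f"{action} from {src} ({proto})")


def clock(event: Event) -> str:
    """HH:MM:SS extracted from whichever timestamp layout the source used."""
    m = CLOCK_RE.search(event.time)
    return m.group(1) if m else ""


def consolidate(nids_lines, hids_lines, fw_lines):
    """Parse every source and return {host: [events ordered by time of day]}."""
    by_host = defaultdict(list)
    for parser, lines in ((parse_nids, nids_lines), (parse_hids, hids_lines), (parse_firewall, fw_lines)):
        for line in lines:
            event = parser(line)
            if event is not None:
                by_host[event.host].append(event)
    for events in by_host.values():
        events.sort(key=clock)
    return dict(by_host)


def hosts_seen_by_multiple_sources(by_host):
    """Hosts that two or more independent sources reported, with source names sorted."""
    result = {}
    for host, events in by_host.items():
        sources = sorted({e.source for e in events})
        if len(sources) >= 2:
            result[host] = sources
    return result


if __name__ == "__main__":
    by_host = consolidate(NIDS_LINES, HIDS_LINES, FW_LINES)
    for host, events in sorted(by_host.items()):
        print(host)
        for e in events:
            print(f"  {clock(e)} [{e.source:8}] {e.detail}")
    print("hosts with corroborating sources:", hosts_seen_by_multiple_sources(by_host))
```

The per-host timeline is what a single console adds over three separate logs: the firewall ACCEPT, the NIDS alert and the HIDS integrity change on 192.168.1.10 land within seconds of each other, which is far more convincing than any one of them alone, while the lone HIDS entry for 192.168.1.30 stays visible but is not corroborated.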


