Re: IDS Project
From: Stephen Cooper (Stephen.Cooper@bis.org)
Date: 06/21/02
Date: Fri, 21 Jun 2002 09:33:18 +0200
From: "Stephen Cooper" <Stephen.Cooper@bis.org>
To: <azad.mahmoud@dionach.com>, <counter.spy@gmx.de>, <focus-ids@securityfocus.com>
Hello Azad,
I am a user of ISS Realsecure, as well as Snort.
For Realsecure Network IDS, I suggest you contact enhancments@iss.net and explain what you are doing.
The product managers listen to this mail address; perhaps they will help you out!
Three systems:
It should be easy enough for you to test up to 100Mb speed, 200 Mb Full duplex and Gigabit needs special hardware. You ideally need a dual NIC Windows 2000 Professional system, with one NIC having all protocols unbound from it.
Hostbased IDS: Get yourself a Red Hat Linux 7.1 system and install Server Sensor 6.5
Console system, for Workgroup Manager, can be W2K, XP or NT. All you need is a network segment. On this system, you need some sort of license to make Realsecure work. You could also install Server Sensor on this if you chose NT or W2K.
And of course, something else to test them with.
Stephen
>>> <counter.spy@gmx.de> Thursday 20, June, 2002 18:41:44 >>>
Hello,
>Hi,
>
>I am doing a final project as part of my MSc degree. I am intending to
>evaluate three IDS systems (ISS, Snort, and NFR).
>
>I have some simple experience with snort, but never used ISS or NFR
>although I have the downloads for them. I think I can manage to deploy
>them with the help of available documentation.
>
>Questions are:
>
>- Am I making a good selection for products? Bearing in
>mind that I might not be able to get evaluation version of something
>like Dragon.
Why not Dragon? You can download the software and create eval keys on
Enterasys' website.
>- What are the criteria and/or considerations that I have
>to build my conclusions or results on?
>- Any guidance or suggestions?
>
>If there is someone out there who did a similar project, I would be
>most grateful if I can review his papers or at least give me an idea
>about the steps he/she took.
Yep, I did, but I cannot give you the diploma thesis, it's not for the public.
But I am going to publish a derived IDS paper in September, and next week or so
I will publish my criteria catalog for enterprise-wide scaling IDS products,
which will later also be part of the complete IDS paper.
I will let you all know where to obtain the catalog when it's ready.
>Your help will be very much appreciated.
>
>
>Azad
>
I recommend you not to try a benchmark, but concentrate on scalability,
event correlation, ease of installation and administration and so on.
An open signature format is very important, too.
Stand by until I am ready with my paper.
Greets,
Detmar