RE: Entercept HIDS Question
From: Ralph H. Chapman (Ralph.Chapman_at_aebs.com)
Date: 03/05/04
- Previous message: Shaiful: "Re: blocking p2p traffic"
- Maybe in reply to: sam_at_neuroflux.com: "Entercept HIDS Question"
- Next in thread: dlimanov_at_sct.com: "RE: Entercept HIDS Question"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Thu, 4 Mar 2004 20:30:42 -0600 To: <focus-ids@securityfocus.com>
I would be interested in hearing when (what time frame) are these "horror" stories coming from. Before or after Entercept was purchased by NAI? Was the "blue screen" incident, as mentioned before, using version 2.5 or 4.1? Thanks!
________________________________
From: dlimanov@sct.com [mailto:dlimanov@sct.com]
Sent: Thu 3/4/2004 9:25 AM
To: Zach.Forsyth@kiandra.com
Cc: focus-ids@securityfocus.com
Subject: RE: Entercept HIDS Question
Same situation here. At the time of evaluation, we've contacted
Entercept only to give up after two months of silence.. Needless to
say, we went with Okena (now Cisco) and are very happy with it.
Just like Zach, I had completely unpatched Windows2000 box with
everything on it in the wild for over three month, protected by Okena
- it did not get hacked. This was one of the best real-life tests I
ever performed. :)
HTH,
Dimitri
|---------+---------------------------->
| | "Zach Forsyth" |
| | <Zach.Forsyth@kia|
| | ndra.com> |
| | |
| | 03/03/2004 05:39 |
| | PM |
| | |
|---------+---------------------------->
>--------------------------------------------------------------------------------------------------------------|
| |
| To: <focus-ids@securityfocus.com> |
| cc: |
| Subject: RE: Entercept HIDS Question |
>--------------------------------------------------------------------------------------------------------------|
I have used the cisco security agent (use to be okena stormwatch) and
the product was very good.
I wanted to use entercept but after trying to contact them for over a
month I gave up.
To test the agent I put a completely unpatched win2k server out on the
internt with the default server agent protecting it.
It sat their for a month and was not compromised at all.
A few hours after the trial period license for the agent expired the
server was hit with sql slammer and infected.
I did a lot more testing in the lab and was pleased with the product
overall.
Unfortunately the client we were looking to deploy the agent changed
their mind and I never got to use it in as real world scenario.
Download the trial and do some internal testing to see what you think.
Cheers
Zach
> -----Original Message-----
> From: Josh.Berry@compucom.com [mailto:Josh.Berry@compucom.com]
> Sent: Wednesday, 3 March 2004 5:25 AM
> To: sam@neuroflux.com
> Cc: focus-ids@securityfocus.com
> Subject: RE: Entercept HIDS Question
>
> My company bought Entercept and then immediately removed it
> from production if that tells you anything. It caused
> blue-screen's like crazy, huge performance issues, and
> blocked an inordinate amount of allowed traffic. This was
> even in detect only mode.
>
> -----Original Message-----
> From: sam@neuroflux.com [mailto:sam@neuroflux.com]
> Sent: Tuesday, March 02, 2004 11:31 AM
> To: focus-ids@securityfocus.com
> Subject: Entercept HIDS Question
>
> Hello.. We are currently in the process of selecting a HIDS
> based product, and according to the Entercept sales person,
> they claim that the product has a feature that works very
> much like Tripwire.
>
> My question here, is how much overhead does it add to a
> server, to watch the filesystem in real time? And, if we
> already have Tripwire, would their File Integrity checking
> process be enough to replace Tripwire?
>
> And, if anyone is currently using the Entercept HIDS product,
> I'm wondering how easily it can be managed (not only from the
> HIDS piece, but from the file integrity standpoint --
> excluding files, creating policies,
> etc.)
>
> Thanks!
> -Sam
>
>
>
> --------------------------------------------------------------
> ----------
> ---
> Free 30-day trial: firewall with virus/spam protection, URL
> filtering, VPN, wireless security
>
> Protect your network against hackers, viruses, spam and other
> risks with Astaro Security Linux, the comprehensive security
> solution that combines six applications in one software
> solution for ease of use and lower total cost of ownership.
>
> Download your free trial at
> http://www.securityfocus.com/sponsor/Astaro_focus-ids_040301
> --------------------------------------------------------------
> ----------
> ---
>
>
>
>
> --------------------------------------------------------------
> -------------
> Free 30-day trial: firewall with virus/spam protection, URL
> filtering, VPN,
> wireless security
>
> Protect your network against hackers, viruses, spam and other
> risks with Astaro
> Security Linux, the comprehensive security solution that combines
six
> applications in one software solution for ease of use and
> lower total cost of
> ownership.
>
> Download your free trial at
> http://www.securityfocus.com/sponsor/Astaro_focus-ids_040301
> --------------------------------------------------------------
> -------------
>
>
>
---------------------------------------------------------------------------
Free 30-day trial: firewall with virus/spam protection, URL filtering,
VPN,
wireless security
Protect your network against hackers, viruses, spam and other risks
with Astaro
Security Linux, the comprehensive security solution that combines six
applications in one software solution for ease of use and lower total
cost of
ownership.
Download your free trial at
http://www.securityfocus.com/sponsor/Astaro_focus-ids_040301
---------------------------------------------------------------------------
---------------------------------------------------------------------------
Free 30-day trial: firewall with virus/spam protection, URL filtering, VPN,
wireless security
Protect your network against hackers, viruses, spam and other risks with Astaro
Security Linux, the comprehensive security solution that combines six
applications in one software solution for ease of use and lower total cost of
ownership.
Download your free trial at
http://www.securityfocus.com/sponsor/Astaro_focus-ids_040301
---------------------------------------------------------------------------
---------------------------------------------------------------------------
Free 30-day trial: firewall with virus/spam protection, URL filtering, VPN,
wireless security
Protect your network against hackers, viruses, spam and other risks with Astaro
Security Linux, the comprehensive security solution that combines six
applications in one software solution for ease of use and lower total cost of
ownership.
Download your free trial at
http://www.securityfocus.com/sponsor/Astaro_focus-ids_040301
---------------------------------------------------------------------------
- Previous message: Shaiful: "Re: blocking p2p traffic"
- Maybe in reply to: sam_at_neuroflux.com: "Entercept HIDS Question"
- Next in thread: dlimanov_at_sct.com: "RE: Entercept HIDS Question"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
