RE: Entercept HIDS Question

From: Ralph H. Chapman (Ralph.Chapman_at_aebs.com)
Date: 03/05/04

    Date: Thu, 4 Mar 2004 20:30:42 -0600
    To: <focus-ids@securityfocus.com>
    
    

    I would be interested in hearing when (in what time frame) these "horror" stories are coming from. Before or after Entercept was purchased by NAI? Was the "blue screen" incident, as mentioned before, using version 2.5 or 4.1? Thanks!

    ________________________________

    From: dlimanov@sct.com [mailto:dlimanov@sct.com]
    Sent: Thu 3/4/2004 9:25 AM
    To: Zach.Forsyth@kiandra.com
    Cc: focus-ids@securityfocus.com
    Subject: RE: Entercept HIDS Question

    Same situation here. At the time of evaluation, we contacted
    Entercept only to give up after two months of silence. Needless to
    say, we went with Okena (now Cisco) and are very happy with it.
    Just like Zach, I had a completely unpatched Windows 2000 box with
    everything on it in the wild for over three months, protected by Okena
    - it did not get hacked. This was one of the best real-life tests I
    ever performed. :)
    HTH,

    Dimitri

    From: "Zach Forsyth" <Zach.Forsyth@kiandra.com>
    Sent: 03/03/2004 05:39 PM
    To: <focus-ids@securityfocus.com>
    cc:
    Subject: RE: Entercept HIDS Question

    I have used the Cisco Security Agent (used to be Okena StormWatch) and
    the product was very good.
    I wanted to use Entercept but after trying to contact them for over a
    month I gave up.

    To test the agent I put a completely unpatched Win2k server out on the
    internet with the default server agent protecting it.
    It sat there for a month and was not compromised at all.
    A few hours after the trial period license for the agent expired the
    server was hit with SQL Slammer and infected.

    I did a lot more testing in the lab and was pleased with the product
    overall.
    Unfortunately the client we were looking to deploy the agent for changed
    their mind and I never got to use it in a real-world scenario.
    Download the trial and do some internal testing to see what you think.

    Cheers

    Zach

    > -----Original Message-----
    > From: Josh.Berry@compucom.com [mailto:Josh.Berry@compucom.com]
    > Sent: Wednesday, 3 March 2004 5:25 AM
    > To: sam@neuroflux.com
    > Cc: focus-ids@securityfocus.com
    > Subject: RE: Entercept HIDS Question
    >
    > My company bought Entercept and then immediately removed it
    > from production, if that tells you anything. It caused
    > blue screens like crazy, huge performance issues, and
    > blocked an inordinate amount of allowed traffic. This was
    > even in detect-only mode.
    >
    > -----Original Message-----
    > From: sam@neuroflux.com [mailto:sam@neuroflux.com]
    > Sent: Tuesday, March 02, 2004 11:31 AM
    > To: focus-ids@securityfocus.com
    > Subject: Entercept HIDS Question
    >
    > Hello. We are currently in the process of selecting a HIDS-based
    > product, and according to the Entercept sales person,
    > they claim that the product has a feature that works very
    > much like Tripwire.
    >
    > My question here is how much overhead does it add to a
    > server to watch the filesystem in real time? And, if we
    > already have Tripwire, would their file integrity checking
    > process be enough to replace Tripwire?
    >
    > And, if anyone is currently using the Entercept HIDS product,
    > I'm wondering how easily it can be managed (not only from the
    > HIDS piece, but from the file integrity standpoint --
    > excluding files, creating policies,
    > etc.)
    >
    > Thanks!
    > -Sam
    >
    >
    >
    > --------------------------------------------------------------
    > ----------
    > ---
    > Free 30-day trial: firewall with virus/spam protection, URL
    > filtering, VPN, wireless security
    >
    > Protect your network against hackers, viruses, spam and other
    > risks with Astaro Security Linux, the comprehensive security
    > solution that combines six applications in one software
    > solution for ease of use and lower total cost of ownership.
    >
    > Download your free trial at
    > http://www.securityfocus.com/sponsor/Astaro_focus-ids_040301
    > --------------------------------------------------------------
    > ----------
    > ---

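Sam's original question asks what a Tripwire-style file integrity check does and how file exclusions fit into a policy. The script below is an added illustration written for this archive page; it is not code from Entercept, Tripwire, Okena or any product named in the thread. It builds a baseline of SHA-256 hashes, sizes and permission bits over a directory tree, applies glob-based exclusions (the "excluding files" part of a policy), then re-scans and reports added, removed and modified files. The directory layout, file names and contents are constructed in a temporary directory purely for the demonstration.

```python
"""Minimal Tripwire-style file integrity check with an exclusion policy.

Added example for this mailing-list page; not code from any product in the
thread. A baseline maps each relative path to (sha256, size, mode); a later
scan is diffed against it. Paths matching exclusion globs (logs, temp files)
are never recorded, so routine churn there does not raise alerts.
"""
import fnmatch
import hashlib
import os
import stat
import tempfile


def _sha256(path, chunk=65536):
    # Stream the file so large binaries do not have to fit in memory.
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def _excluded(relpath, excludes):
    # Exclusion policy: shell-style globs matched against the POSIX-form relative path.
    return any(fnmatch.fnmatch(relpath, pat) for pat in excludes)


def build_baseline(root, excludes=()):
    """Return {relpath: (sha256, size, mode)} for every regular file under root not excluded."""
    baseline = {}
    for dirpath, _dirnames, filenames in os.walk(root):
        for name in filenames:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            if _excluded(rel, excludes):
                continue
            st = os.lstat(full)
            if not stat.S_ISREG(st.st_mode):
                continue  # skip symlinks, sockets, devices
            baseline[rel] = (_sha256(full), st.st_size, stat.S_IMODE(st.st_mode))
    return baseline


def compare_baselines(old, new):
    """Diff two baselines; a file is 'modified' if hash, size or mode changed."""
    added = sorted(set(new) - set(old))
    removed = sorted(set(old) - set(new))
    modified = sorted(p for p in set(old) & set(new) if old[p] != new[p])
    return {"added": added, "removed": removed, "modified": modified}


def run_demo():
    """Constructed scenario: take a baseline, tamper with the tree, re-scan."""
    excludes = ("logs/*", "*.tmp")  # hypothetical policy for the demo
    with tempfile.TemporaryDirectory() as root:
        os.makedirs(os.path.join(root, "bin"))
        os.makedirs(os.path.join(root, "logs"))
        with open(os.path.join(root, "bin", "httpd"), "wb") as f:
            f.write(b"original binary")
        with open(os.path.join(root, "etc.conf"), "wb") as f:
            f.write(b"Listen 80\n")
        with open(os.path.join(root, "logs", "access.log"), "wb") as f:
            f.write(b"line1\n")
        before = build_baseline(root, excludes)

        # Changes: binary replaced with same-length content (size alone would miss it),
        # excluded log grows, a new module appears, an excluded temp file appears,
        # and the config file is deleted.
        with open(os.path.join(root, "bin", "httpd"), "wb") as f:
            f.write(b"trojaned binary")
        with open(os.path.join(root, "logs", "access.log"), "ab") as f:
            f.write(b"line2\n")
        with open(os.path.join(root, "bin", "extra.so"), "wb") as f:
            f.write(b"new module")
        with open(os.path.join(root, "scratch.tmp"), "wb") as f:
            f.write(b"ignored")
        os.remove(os.path.join(root, "etc.conf"))
        after = build_baseline(root, excludes)
        return compare_baselines(before, after)


if __name__ == "__main__":
    print(run_demo())
```

Running it reports `bin/httpd` as modified, `bin/extra.so` as added and `etc.conf` as removed, while the growing log and the `.tmp` file stay silent because the policy excludes them. The overhead question in the thread comes down to this difference: a scheduled scan like the one above re-hashes the whole tree each run and costs disk I/O only at scan time, whereas a real-time agent hooks file-write events and pays a small cost on every write, which is why the exclusion list matters as much for performance as for noise.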

