FW: IDS Opinions

From: Madalin Bratu (madalin_at_provision.ro)
Date: 06/14/04

  • Next message: Annie Green: "possible causes of source and destination ip from external network"
    Date: Mon, 14 Jun 2004 11:51:16 +0200
    To: <focus-ids@securityfocus.com>
    First of all, I recommend a deeper analysis of IDS-IPS vendors.

    In my opinion, Snort can be a choice, and CA eTrust Intrusion Detection is a hybrid solution (a security suite component).
    The best choices in technology, Security Knowledge Intelligence, experience and vendor support can be ISS & NAI and Cisco (in this order).
    But depends on your requirements...

    Best regards,

    Madalin BRATU
    Security Solutions Advisor
    ProVision - Security Expert Center TM
    Tel: (+4021) 3211568, 3213749
    Fax:(+4021) 3236570
    web: http://www.provision.ro
    Mobile: 0788.574.981
    ---------------------------------------------
    P-ta Alba Iulia, nr.8, Bl. I 7, sc. 3, et. 2 - 4, Sector 3, Bucuresti
    ---------------------------------------------
    Disclaimer: The information contained in this message is intended only for the owner of the email address to which it was sent. Use of the information by other persons is prohibited. Provision is exonerated from any damages resulting from the unauthorized use of this information. If you are not the person to whom this message was addressed, please do not use its contents in any way. If you have received this message in error, please notify the sender immediately, by email, fax or telephone, and destroy the original message.
    © 2004, Copyright ProVision

    -----Original Message-----
    From: Devdas Bhagat [mailto:devdas@dvb.homelinux.org]
    Sent: 7 June 2004 18:29
    To: focus-ids@securityfocus.com
    Subject: Re: IDS Opinions

    On 02/06/04 11:05 +0530, manish wrote:
    <snip>
    > options then the best fit will be Snort or CA. Snort is a freeware
    > with ability to perform signature based and contact based intrusion
    > detection. can work in inline or stealth mode. Can integrate with any
    > firewall you can think of. Works on Linux machine. Does not require
    > high memory or CPU. Can perform wide range of responses. But U need
    > little expertise on Linux for that.
    If you are running any IDS, you should have extremely good knowledge of your chosen platform to run the IDS on.
    AFAIK, Snort runs on almost any Unix and not just Linux.
    I would not dare to run any IDS on MS Windows, for the simple reason that I do not have enough understanding of MS Windows to do that properly.

    > CA is Windows based IDS and has integrated Antivirus, URL Filter, and
    > Content Inspection which are addons to the product. Highly user
    > friendly and provide wide range of options. Problem is a little
    > costly and works in low range loads only and requires high CPU and memory.
    Any analyser needs gobs of CPU and RAM.

    If I may suggest it, the antivirus and URL filtering capabilities belong to a firewall, not an IDS.

    Devdas Bhagat

