RE: IDS ISS

THolman_at_toplayer.com
Date: 05/20/05

  • Next message: Joel Esler: "Re: IDS\IPS that can handle one Gig" 
    To: anatole.berteau@turbomeca.fr, focus-ids@securityfocus.com
Date: Thu, 19 May 2005 20:11:27 -0400

    Hi Anatole,

    What was wrong with Snort?
    There are plenty of implementations possible and it is highly tunable, plus
    you get to see the signatures.
    If it's performance you're worried about, consider running on a platform
    such as SourceFire.
    Is it purely a detection-based solution you're looking for, or do you have
    the means to prevent intrusions inline already?

    Regards,

    Tim

    -----Original Message-----
    From: Berteau Anatole [mailto:anatole.berteau@turbomeca.fr]
    Sent: 17 May 2005 17:03
    To: focus-ids@securityfocus.com
    Subject: IDS ISS

    Hello,

    I'm testing IDS solution. After Snort, i'm beginning to work with ISS.

    What's the minimum architecture to use ISS? Is it possible to use only a
    network sensor? If this solution is available, what's the solution to
    consult alerts?

    Thanks

    Anatole

    --------------------------------------------------------------------------
    Test Your IDS

    Is your IDS deployed correctly?
    Find out quickly and easily by testing it with real-world attacks from
    CORE IMPACT.
    Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708
    to learn more.
    --------------------------------------------------------------------------

    --------------------------------------------------------------------------
    Test Your IDS

    Is your IDS deployed correctly?
    Find out quickly and easily by testing it with real-world attacks from
    CORE IMPACT.
    Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708
    to learn more.
    --------------------------------------------------------------------------

  • Next message: Joel Esler: "Re: IDS\IPS that can handle one Gig"

    Relevant Pages

    • RE: IDS ISS
      ... Have had several years experience with ISS. ... Sourcefire is doing some very interesting and innovative work with snort ... Subject: IDS ISS ... > Find out quickly and easily by testing it with real-world attacks from ...
      (Focus-IDS)
    • Re: IDS Project
      ... I am a user of ISS Realsecure, as well as Snort. ... Hostbased IDS: Get yourself a Red Hat Linux 7.1 system and install Server Sensor 6.5 ... be also part of the complete IDS paper. ...
      (Focus-IDS)
    • RE: IDS recommendations
      ... Ernon was the market leader in their business sector also. ... heard Enron was ISS' biggest customer so perhaps after Enron falls ISS will no ... We have replaced our Dragon sensors with Snort and our parent company is ... They are also the market leader in IDS ...
      (Focus-IDS)
    • RE: IDS recommendations
      ... I'm currently running a fourteen sensor distributed Snort ... IDS system on my WAN and I'd like to know what issues I should be on the look ... Are there any other Snort users in Houston or am I the only one? ... > response from ISS than any other non open source based IDS tools. ...
      (Focus-IDS)
    • Re: Value of "richer" signatures?
      ... Snort, Dragon, and NFR, and I can tell you that they ... Here's an example of how the newer IDS signatures help ... Let's say you are using a simple packet grepping IDS ... > an FTP connection). ...
      (Focus-IDS)