Re: IDS ISS

• Previous message: Konstantin V. Gavrilenko: "Re: IDS\IPS that can handle one Gig"
• In reply to: THolman_at_toplayer.com: "RE: IDS ISS"
• Next in thread: PPowenski_at_oag.com: "RE: IDS ISS"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Date: Fri, 20 May 2005 07:58:24 -0400
To: THolman@toplayer.com

I concur. I would always go with Snort over ISS anyday. I've tested
and ran both at the same time on the same network, and Snort not only
out performs, but it would be much easier to look at the data and
configure the IDS. (Or IPS.. Look into Snort-inline)

Joel Esler

On May 19, 2005, at 8:11 PM, THolman@toplayer.com wrote:

> Hi Anatole,
>
> What was wrong with Snort?
> There are plenty of implementations possible and it is highly tunable,
> plus
> you get to see the signatures.
> If it's performance you're worried about, consider running on a
> platform
> such as SourceFire.
> Is it purely a detection-based solution you're looking for, or do you
> have
> the means to prevent intrusions inline already?
>
> Regards,
>
> Tim
>
> -----Original Message-----
> From: Berteau Anatole [mailto:anatole.berteau@turbomeca.fr]
> Sent: 17 May 2005 17:03
> To: focus-ids@securityfocus.com
> Subject: IDS ISS
>
>
>
> Hello,
>
> I'm testing IDS solution. After Snort, i'm beginning to work with ISS.
>
> What's the minimum architecture to use ISS? Is it possible to use only
> a
> network sensor? If this solution is available, what's the solution to
> consult alerts?
>
> Thanks
>
> Anatole
>
> -----------------------------------------------------------------------
> ---
> Test Your IDS
>
> Is your IDS deployed correctly?
> Find out quickly and easily by testing it with real-world attacks from
> CORE IMPACT.
> Go to
> http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708
> to learn more.
> -----------------------------------------------------------------------
> ---
>
> -----------------------------------------------------------------------
> ---
> Test Your IDS
>
> Is your IDS deployed correctly?
> Find out quickly and easily by testing it with real-world attacks from
> CORE IMPACT.
> Go to
> http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708
> to learn more.
> -----------------------------------------------------------------------
> ---
>

--------------------------------------------------------------------------
Test Your IDS

Is your IDS deployed correctly?
Find out quickly and easily by testing it with real-world attacks from
CORE IMPACT.
Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708
to learn more.
--------------------------------------------------------------------------

• Previous message: Konstantin V. Gavrilenko: "Re: IDS\IPS that can handle one Gig"
• In reply to: THolman_at_toplayer.com: "RE: IDS ISS"
• Next in thread: PPowenski_at_oag.com: "RE: IDS ISS"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]