Evaluating various NIPS

From: H B (modestproposal81_at_gmail.com)
Date: 06/14/05

    Date: Tue, 14 Jun 2005 15:22:03 -0400
    To: focus-ids@securityfocus.com
    
    

    Hello all,
    I'm an undergrad computer sci major working with my school's IT
    department for the summer. I'm involved in a project looking into
    various NIPS to replace our current homegrown system which has become
    too cumbersome to maintain on a small staff (we're not a huge school),
    and I have a few questions to ask.

     - We are really interested in a system that requires as little
    manpower as humanly possible to maintain effectively (i.e. automatic
    updates, good service and support) and one that has a fairly powerful
    managing system in terms of forensic analysis. What should I look for
    (and perhaps avoid) to reduce false positives and other such things
    that could waste valuable time?

     - In a related question: Should I lean away from products that rely
    heavily on various types of anomaly detection and head towards systems
    that rely more on signature detection and other methods?

     - At risk of igniting the ASIC debate again, we need to maintain Gb
    speed on the network segment that this is to be deployed on. Again,
    what experiences have people had, specifically in dealing with NAI,
    Tipping Point, Juniper, Cisco, Fortinet, and SourceFire products?

     - Are there any resources online other than NSS that can give me some
    independent review and analysis on these products?

    Thanks,
    Hans Bruesch-Olsen


