Re: IDS for Pix Firewall

From: Andrew Plato (aplato@anitian.com)
Date: 02/10/02


Date: 10 Feb 2002 07:02:32 -0000
From: Andrew Plato <aplato@anitian.com>
To: security-basics@securityfocus.com


('binary' encoding is not supported, stored as-is)

In-Reply-To: <20020207114618.25570.qmail@mail.securityfocus.com>

Snort (Sourcefire), Dragon IDS, Network Flight
Recorder, BlackICE Sentry, Cisco IDS - take your
pix :-)

Snort is definately the cheapest, but it will take you
longer to setup and get alerts.

Personally - Snort and BlackICE are probably the
best performance-wise. But I am biased because this
is what I use. I've been testing Dragon lately...seems
good.

Andrew Plato
President / Principal Consultant
Anitian Corporation
www.anitian.com



Relevant Pages

  • Re: PIX Firewall auditing suggestions please!
    ... Alrighty, I've enabled logging on my PIX firewall, and I have a SysLog ... service running and getting messages (around 8000 and hour at last ... no problems below the application level layer. ... > For the last point an IDS like snort is defintely the better tool: ...
    (comp.security.firewalls)
  • Re: Cisco PIX 501 vs Sun Ultrasparc for VPN connections?
    ... use the pix for your first line of defense.. ... then toss up a 'nix box ... for snort and ids stuff ...
    (comp.security.firewalls)