IDS Opinions/Experiences

From: Owen Creger (OCreger@CreativeSolutions.com)
Date: 04/10/02


From: Owen Creger <OCreger@CreativeSolutions.com>
To: security-basics@securityfocus.com
Date: Wed, 10 Apr 2002 11:27:09 -0400

I use snort with ACID. It's not in a GIG environment however.
The biggest issue I have with (N)IDS' is the timeliness of the signature
updates. In that regard, snort beats all the commercial (N)IDS' hands
down.
When a new exploit is discovered, a signature for that exploit can be found
within a day. Many commercial (N)IDS only update on a quarterly basis, at
least the last time I checked.
I don't know about you, but I don't feel comfortable allowing someone to try
and break in for 3 months before I know it's happening.

> -----Original Message-----
> From: Thad Horak [mailto:thadhorak@yahoo.com]
> Sent: Thursday, March 28, 2002 5:00 PM
> To: security-basics@securityfocus.com
> Subject: IDS Opinions/Experiences
>
>
> Hi all,
>
> I have a two part question.
>
> First, I am researching different IDS's on the market.
> The potential products are pretty narrow as the network
> that they will be deployed on is GIG. So far I've read
> up on Dragon, SecureNet GIG, & ISS. Are there any
> other NIDS that perform well at near GIG speeds that
> anyone would recommend? Any experiences, good or bad,
> with the above that you wish to share?
>
> The second question is if anyone is actively using
> StealthWatch. I've been reading their whitepapers on
> the "Flow-based" ID and it seems interesting. It
> claims to be neither Signature nor Anomaly based. I'm
> curious how it works in the real world.
>
> Thanks in advance.
>
> Thad
>
>


