Re: Computer Associates eTrust
From: rocco.s (rocco.s_at_telstra.com)
Date: 05/14/04
- Maybe in reply to: Endre Szekely-Bencedi: "Computer Associates eTrust"
Date: Fri, 14 May 2004 12:25:07 +1000 To: Endre.Szekely-Bencedi@hu-tcs.com
eTrust NIDS is a piece of junk.
a friend of a friend put the etrust nids (it runs on windows) in a large corporate, tapping a 34mbit fibre link.
this link was always at about 20mbit utilization.
the product would crash, incorrectly log data, log useless stuff (without the ability to disable that rule/feature), die when 'rolling' the logs, crash when creating reports and generally run like a pig.
he had to create a hack access-database -> ms sql export feature of his own (yeah, it uses access! 2gb limit), just to be able to create reports on logs kept for 5 days...
the ca guys said that the solution was to disable everything, and run with a limited signature set (yeah, real useful).
in the end the ca etrust product was thrown out and something else put in its place.
my advice - buy a dishwasher, it's more likely to help your organisation with NIDS than the CA eTrust NIDS product.
(he was using version 2 of the nids product)
the system was a dual 3ghz machine running win2k adv. svr. with everything turned off. intel gbit nics off a nice intrusion inc tap.