Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Focus-IDS
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

session logging IDS

from [Raj Malhotra] Network Security [Permanent Link]
Subject: session logging IDS
Date: Mon, 30 Aug 2004 16:47:58 +0530 
Hello all,

We are evaluating available NIDS products which would work at 100 mbps
and would also do "session logging". By "session logging", we would
want the IDS to log the "entire session" and not just the session
"after" an intrusion is detected.

We saw a couple of IDS which would probably be able to do something like this,
Cisco IDS
Intrushield

Cisco offers session logging as well as replay.
Intrushield says something like "Highly customized capture of
individual packet, individual session, specific source/destination, or
entire traffic stream upon attack detection" which might be translated
as "logging of the session only after an attack has been detected".

Can anyone tell us more about these or any such IDS that are available
which can  log the entire session.
 Also, has anyone used any of these and with what degree of success?
You can mail us back off the list if you so wish so.

thanks
Raj
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: Firewall vs. IPS - Differences now (ISS, Intrushield 2.1?), Mike Frantzen
Next by Date:  Re: Firewall vs. IPS - Differences now (ISS, Intrushield 2.1?), Greg Shipley
Previous by Thread:  serial-line protocols, Raj Malhotra
Next by Thread:  Re: session logging IDS, Martin Roesch
Indexes:  [Date] [Thread] [Top] [All Lists]