Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Focus-IDS
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

RE: CISCOs new IPS

from [Tony Torri] Network Security [Permanent Link]
Subject: RE: CISCOs new IPS
Date: Mon, 20 Dec 2004 12:58:39 -0600 
All, 

We have been using Cisco IDS for about a year now.  Lot of problems with the 
4215 IDS units...they keep breaking and it takes 2 to 4 weeks to get a 
replacement unit from Cisco.   Even though we have a service agreement in place 
to provide IDS unit within 48 hours max.  Service and help from the Cisco reps 
has been awful. 

There is no way we would consider using their IPS units....their IDS have 
enough problems. 

Thanks!

Tony 


-----Original Message-----
From: Barnes Brandon A1C AFWA/SCHS [mailto:brandon.barnes@afwa.af.mil]
Sent: Friday, December 17, 2004 6:56 AM
To: Christoph Pertl (tm011081); focus-ids@securityfocus.com
Subject: RE: CISCOs new IPS


Christoph,

I can tell you from real world experience that Cisco has not been the best
choice for IDS/IPS.

Their IDS (specifically, the network appliances) seem to have been a
knee-jerk reaction to market demand. Like most of Cisco's products lately,
there's little innovation on their side and a lot of money being thrown at
smaller companies that may not have a wholly developed product.

Their support has been very lack-luster. We actually allowed one TAC case to
go on for months with no response. Finally, we voiced our frustration to our
area Cisco reps, that finally (sort of) got things done. It got us a
response from our TAC Engineer, but the issue fixed itself (magic, I know.)
This is how most issues have been with the IDS. The TAC engineer can't
figure it out so we either have to rebuild our Cisco Works server, reload
our appliances, or just wait for it to fix itself.

In that same meeting with the Cisco reps, they assured us that our devices
were no where near end of life. An announcement from Cisco about a month ago
has proclaimed the death of the IDS line (specifically the products we have)
and their movement towards IPS.

A specific problem we've had is with the IDS module for Cisco Works. This
software seems to be delicately stuck together with toothpicks and
bubble-gum. Cisco just recently came out with (but failed to inform us) a
2.0 version of the software. On paper it looks great. Fixes all the problems
we've had and adds features that address our annoyances. I'm glad we didn't
load it on our production server. Setting it up in the lab we got everything
setup, only to find we can't even bring the event viewer up. Apparently 2.1
and 2.3 are coming soon.

Because of all this we've recently been in the market for a replacement.
We've been doing a lot of research as well as our own testing. Everything
we've read about the Cisco IPS screams "stay away." It's often the lowest
rated system out of those tested.

I hoped this helped allow you a good perspective. I hope that you find
information on both sides as we are just one source.

-Brandon

-----Original Message-----
From: Christoph Pertl (tm011081) [mailto:tm011081@fh-stpoelten.ac.at] 
Sent: Wednesday, December 15, 2004 00 32
To: focus-ids@securityfocus.com
Subject: CISCOs new IPS

Hi,

I'm right now in the middle of a Project with the goal to implement an IPS 
in an existing infrastructure. One of our possible Partners offers us the 
new IPS Product from Cisco.

Does anyone of you now something about this machine or at least about the 
older IDS-Box because I think the Inspection Engine will be the same?

Any Information about how well it performs in a real environment would be 
great

Christoph 


--------------------------------------------------------------------------
Test Your IDS

Is your IDS deployed correctly?
Find out quickly and easily by testing it with real-world attacks from 
CORE IMPACT.
Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708 
to learn more.
--------------------------------------------------------------------------

--------------------------------------------------------------------------
Test Your IDS

Is your IDS deployed correctly?
Find out quickly and easily by testing it with real-world attacks from 
CORE IMPACT.
Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708 
to learn more.
--------------------------------------------------------------------------


--------------------------------------------------------------------------
Test Your IDS

Is your IDS deployed correctly?
Find out quickly and easily by testing it with real-world attacks from 
CORE IMPACT.
Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708 
to learn more.
--------------------------------------------------------------------------
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  RE: about a free opensource tools to catch the system calls, Brian Azzopardi
Next by Date:  Intrushield vs. ISS once more..., Jacob Winston
Previous by Thread:  RE: CISCOs new IPS, Barnes Brandon A1C AFWA/SCHS
Next by Thread:  Local Mirror Prevention with IDS, Dimitrios Patsos
Indexes:  [Date] [Thread] [Top] [All Lists]